Bump Microsoft.NETCore.App.Runtime to 10.0.6 (CVE-2026-32178)#40203
Merged
benhillis merged 3 commits intofeature/wsl-for-appsfrom Apr 16, 2026
Merged
Bump Microsoft.NETCore.App.Runtime to 10.0.6 (CVE-2026-32178)#40203benhillis merged 3 commits intofeature/wsl-for-appsfrom
benhillis merged 3 commits intofeature/wsl-for-appsfrom
Conversation
Update Microsoft.NETCore.App.Runtime.win-x64 and Microsoft.NETCore.App.Runtime.win-arm64 from 10.0.4 to 10.0.6 to resolve CVE-2026-32178 (.NET Spoofing Vulnerability). Fixes Dependabot alerts #12 and #13. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
AmelBawa-msft
approved these changes
Apr 16, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates .NET runtime package references to address Dependabot security alerts for CVE-2026-32178 by bumping Windows runtime packages from 10.0.4 to 10.0.6.
Changes:
- Bump
Microsoft.NETCore.App.Runtime.win-arm64from 10.0.4 to 10.0.6 - Bump
Microsoft.NETCore.App.Runtime.win-x64from 10.0.4 to 10.0.6
OneBlue
approved these changes
Apr 16, 2026
kvega005
added a commit
that referenced
this pull request
May 7, 2026
…ronization (#40300) * Fix X Y (#14514) * Rethink image parsing logic (#14496) * Save state * Rethink image parsing to correctly handle different reference formats * Foramt * Fix merge * Apply PR feedback * Format * Apply PR feedback * Use a regex based parser * Format * Reset the test session after termination * Fix test case * Apply PR feedback * Set container cursor (#14516) * Container cursor * Update pull image callback * Clang format * Signal wslcsdk.dll in the release pipeline (#14517) * Add volume alias (#14518) * Add volume alias * Fix Tests * Add DCAT registration remediation (#14450) * Rename image delete to remove and add aliases (#14521) * Rename image delete to remove * Clang format * Handle singular/plural units in FormatRelativeTime * Add more WSLC E2E tests (#14365) * Initial support for WSLC E2E tests * More E2E tests * More E2E tests * WIP * CP exit code fix * Enhance structure * Added E2E file * Clang format * Added E2E test * Enhance structure * Clang format * Update header comment * Update wslc path * Resolving copilot comments * Added E2E test * Pull latest * Addressed comments * Addressed comments * Clang format * Addressed comments * Load image * Addressed comments * Pull latest * Addressed comments * E2E test for wslc container delete * Addressed comments * Resolving copilot comments * Added E2E test * Added E2E test * Added E2E test * Added E2E test * Added E2E test * Added E2E test * Added E2E test * Added E2E test * Added E2E test * Fix test * Added E2E tests * Added E2E tests * Added E2E tests * Added E2E tests * Added E2E tests * Added E2E tests * Added E2E tests * Resolve copilot comment * Clang format * Replace S_OK with 0 * Resolve copilot comment * Addressed comments * Resolve copilot comment * Update test after latest changes * Implement SDK IO callbacks (#14462) Implements `WslcSetProcessSettingsIOCallback` and the use of those inputs for both initial and subsequent processes. A new thread is started to run the `MultiHandleWait` and the container/process objects hold a `shared_ptr` reference to it. The caller must keep one of the objects alive for the callback thread to keep working. * test: add support for ARM64 WSLC testing. (#14519) --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Localization change from build: 142911151 (#14535) Co-authored-by: WSL localization <noreply@microsoft.com> * Initialize environment and add E2E tests with formatting (#14475) * Init env * Added E2E tests * Clang format * WIP * Init tests * Added UT * Added more UT * Added more E2E Tests * Added more E2E Tests * Code enhancement * Added more E2E Tests * Added more E2E Tests * Added more E2E Tests * Clang format * Resolve copilot comment * Addressed comments * Fix test * Addressed comments * merge master -> feature/wsl-for-apps (#14537) * test: enable virtiofs tests and enable WSLG during testing (#14387) * test: enable virtiofs tests and enable WSLG during testing * test fix --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * chore(distributions): Almalinux auto-update - 20260311 14:52:02 (#14404) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Fix CVE-2026-26127: bump .NET runtime from 10.0.0 to 10.0.4 (#14421) Addresses Dependabot alerts #10 and #11. The Microsoft.NETCore.App.Runtime packages (win-x64 and win-arm64) at version 10.0.0 are vulnerable to a denial of service via out-of-bounds read when decoding malformed Base64Url input (CVSS 7.5 High). Bumped to 10.0.4 which includes the fix. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Notice change from build: 141806547 (#14423) Co-authored-by: WSL notice <noreply@microsoft.com> * Ship initrd.img in MSI using build-time generation via powershell script (#14424) * Ship initrd.img in MSI using build-time generation via tar.exe Replace the install-time CreateInitrd/RemoveInitrd custom actions with a build-time step that generates initrd.img using the Windows built-in tar.exe (libarchive/bsdtar) and ships it directly in the MSI. The install-time approach had a race condition: wsl.exe could launch before the CreateInitrd custom action completed, causing ERROR_FILE_NOT_FOUND for initrd.img. Changes: - Add CMake custom command to generate initrd.img via tar.exe --format=newc - Add initrd.img as a regular file in the MSI tools component - Remove CreateInitrd/RemoveInitrd custom actions from WiX, DllMain, and wslinstall.def - Remove CreateCpioInitrd helper and its tests (no longer needed) - Update pipeline build targets to build initramfs instead of init * pr feedback * more pr feedback * switch to using a powershell script instead of tar.exe * powershell script feedback * hopefully final pr feedback --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * virtiofs: update logic so querying virtiofs mount source does not require a call to the service (#14380) * virtiofs: update logic so querying virtiofs mount source does not require a call to the service * more pr feedback * use std::filesystem::read_symlink * pr feedback and use canonical path in virtiofs symlink * make sure canonical path is always used --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * virtio networking: add support for ipv6 (#14350) * VirtioProxy: Add IPv6 address, gateway, and route support - Add PreferredIpv6Address field and GetBestGatewayV6* methods to NetworkSettings - Extend GetHostEndpointSettings() to discover IPv6 unicast address and gateway - Add UpdateIpv6Address() using ModifyGuestEndpointSettingRequest<IPAddress> - Push IPv6 default route to guest via UpdateDefaultRoute(AF_INET6) - Remove AF_INET6 early return in ModifyOpenPorts, use INETADDR_PORT() - Add EndpointRoute::DefaultRoute() static factory - Pass client_ip_ipv6 in devicehost options (not yet parsed by devicehost) - Remove gateway_ip from devicehost options (only needed for DHCP) - Include IPv6 DNS servers in non-tunneling DNS settings - Add ConfigurationV6 and DnsResolutionAAAA tests * cleanup and add more ipv6 tests * added test coverage and minor updates * clang format * pr feedback * format source * pr feedback * test fixes --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Track `bind` syscall when port is 0 (#14333) * Initial work * . * pr feedback and add unit test * minor tweaks an fix use after free in logging statement * implement PR feedback * hopefully final pr feedback * pr feedback in test function * Address PR feedback: add try/catch to TrackPort and PortZeroBind queue push --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Add iptables to list of apps to install in WSL (#14459) There were instructions already on how to install tcpdump in WSL, but iptables are also needed for the log collection to be complete, so this PR adds instructions on how to also install iptables. Co-authored-by: Andre Muezerie <andremue@linux.microsoft.com> * Update Microsoft.WSL.DeviceHost to version 1.1.39-0 (#14460) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Moves all Ubuntu distros to the tar-based format (#14463) * Move all supported Ubuntu images to the new format We backported the build pipeline so all current LTSes come out in the new tar-based format * Remove the appx based distros All WSL users can run tar-based distros by now, right? There is no benefit in maintaining both formats. * Enable DNS tunneling for VirtioProxy networking mode (#14461) - Allow VirtioProxy to keep EnableDnsTunneling=true in config, but clear socket-specific options (BestEffortDnsParsing, DnsTunnelingIpAddress) - Suppress dedicated DNS tunneling hvsocket for VirtioProxy; tunneling is handled through the VirtioNetworking device host instead - Set DnsTunneling flag on VirtioNetworkingFlags so the device host knows to tunnel DNS - Expand SWIOTLB kernel cmdline to cover VirtioFs and VirtioProxy - Bump DeviceHost package to 1.1.39-0 - Add VirtioProxy DNS test coverage for tunneling on/off - Skip GuestPortIsReleasedV6 on Windows 10 Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * test: disable LoopbackExplicit due to OS build 29555 regression (#14477) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Refactor: trim unnecessary DLL deps from COMMON_LINK_LIBRARIES (#14426) * Refactor: trim unnecessary DLL deps from COMMON_LINK_LIBRARIES - Split MSI/Wintrust install functions from wslutil.cpp into install.cpp - Remove MI.lib, wsldeps.lib, msi.lib, Wintrust.lib, computecore.lib, computenetwork.lib, Iphlpapi.lib from COMMON_LINK_LIBRARIES - Add per-target MSI_LINK_LIBRARIES, HCS_LINK_LIBRARIES, SERVICE_LINK_LIBRARIES - Delay-load msi.dll and WINTRUST.dll for wsl.exe and wslg.exe - Result: wslhost, wslrelay, wslcsdk, testplugin lose msi/wintrust startup imports; wsl.exe and wslg.exe defer msi/wintrust loading until actually needed; wslservice is the only target that imports computecore/computenetwork/Iphlpapi * minor fixes to install.cpp that were caught during PR * move to wsl::windows::common::install namespace --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Fix wsl stuck when misconfigured cifs mount presents (#14466) * detach terminal before running mount -a * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * use _exit on error before execv in child process to avoid unintentional resource release * Add regression test * Fix clang format issue * fix all clang format issue * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * resolve ai comments * move test to unit test * Fix string literal * Overwrite fstab to resolve pipeline missing file issue --------- Co-authored-by: Feng Wang <wangfen@microsoft.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Update localization and notice scripts to target the branch that the pipeline is running on (#14492) * test: Add arm64 test distro support (#14500) * test: Add arm64 test distro support * update unit test baseline * more test baseline updates --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * test: remove duplicated DNS test coverage (#14522) * test: remove duplicated DNS test coverage * format source --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Fix: Fail and warn the user when --uninstall is given parameters (#14524) Fail and warn the user when --uninstall is given parameters. * Localization change from build: 142847827 (#14525) Co-authored-by: WSL localization <noreply@microsoft.com> * virito net: revert to previous DNS behavior while we debug an issue with DNS over TCP (#14532) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * devicehost: update to latest devicehost nuget with tracing improvements (#14531) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * fix merge issues --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: AlmaLinux Autobot <107999298+almalinuxautobot@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Blue <OneBlue@users.noreply.github.com> Co-authored-by: WSL notice <noreply@microsoft.com> Co-authored-by: Daman Mulye <daman_mulye@hotmail.com> Co-authored-by: Andre Muezerie <108841174+andremueiot@users.noreply.github.com> Co-authored-by: Andre Muezerie <andremue@linux.microsoft.com> Co-authored-by: Carlos Nihelton <carlos.santanadeoliveira@canonical.com> Co-authored-by: Feng Wang <wang6922@outlook.com> Co-authored-by: Feng Wang <wangfen@microsoft.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * cleanup: rename wsla -> wslc (#14502) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * [CLI] Added support for entrypoint (#14552) * Added entrypoint * Enhance tests * Initial wslc settings support (#14548) * Various improvements to interactions with user-provided handles (#14486) * Save state * Add test coverage * Check the event under the lock * Apply PR feedback * Format * Apply PR feedback * Various improvements to PullImage() + custom registry support (#14549) * Save state * Save state * Handle issues during pull * Disable the pull tests * Update the CLI tests * Format * Fix legacy index logic * Add test coverage for failed PullImage() * Update test/windows/WSLCTests.cpp Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Use pre-imported container images in the tests to avoid hitting the API limit (#14561) * Use pre-imported container images in the tests to avoid hitting the API limit * Fix test case * Update test/windows/wslc/e2e/WSLCE2EImageBuildTests.cpp Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Correctly set FileOffsets in WriteHandle (#14562) * Correctly set FileOffsets in WriteHandle * Apply PR suggestions * Update Microsoft.WSL.DeviceHost to version 1.1.48-0 (#14575) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Allow retrieving state and init process info after container auto remove (#14429) Allow clients to continue reading stdout/stderr and querying state from containers after they've been deleted, by caching the read-only data in the com wrapper. * Fix StateChangedAt mismatch during container recovery from storage (#14482) * Use Docker's FinishedAt timestamp in Transition() to fix StateChangedAt mismatch during container recovery * Extract GetDockerFinishedAt() helper * Address Feedback * Fail if Docker event time is missing * Address copilot feedback * Use Docker stop event timestamp instead of InspectContainer() * Apply copilot feedback * PR Feedback * [WSLC] add WSLC CMake file in NuGet (#14543) Add WSLC SDK Config.cmake file. Enable developers to consume the library with CMake. * win10: remove IsWslSupportInterfacePresent check from wslservice (#14546) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Fix localization and notice pipelines to use full branch name (#14566) Build.SourceBranchName only returns the last segment after '/', breaking branches with slashes (e.g. user/benhill/loc_fix -> loc_fix). Use Build.SourceBranch with refs/heads/ stripped instead. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Remove the CTests targets from yaml-cpp (#14563) * Fix wrong enum type in DeleteExclusiveLockHeld (#40030) WSLCDeleteImageFlagsForce (from WSLCDeleteImageFlags enum) was used instead of WSLCDeleteFlagsForce (from WSLCDeleteFlags enum). Both values are currently 1, so no functional issue today, but this is a type confusion that will break silently if either enum changes. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Fix Content-Length truncation for Docker responses >4GB (#40033) std::stoul returns unsigned long (32-bit on Windows), truncating Content-Length values >4GB. This corrupts the socket stream for large image save/export operations. Replace with std::stoull to parse as 64-bit unsigned. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * wslc: resolve ContainerRecoveryFromStorage test issue by storing timestamp from docker, not the host (#40038) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Reject port mappings exceeding 63-port limit in relay (#40035) WaitForMultipleObjects has a 64-handle limit. The accept thread uses 1 handle for the exit event, leaving room for 63 port mappings. Reject new port mappings with ERROR_TOO_MANY_OPEN_FILES when the limit is reached, rather than crashing the relay thread. Existing mappings continue to work. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Add networking mode setting as fallback (#14564) * Fix partial write data loss in TTY stdin relay (#40032) When the TtyMaster fd is non-blocking, write() can return fewer bytes than requested (partial write). The existing code only handled the EAGAIN/EWOULDBLOCK case by buffering into pendingStdin, but silently dropped data on successful partial writes. Add handling for 0 < bytesWritten < bytesRead to buffer the unwritten bytes into pendingStdin, matching the existing retry logic. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Fix deadlock between WatchForExitedProcesses and VMProcessControl destructor (#14567) Use weak_ptr in m_trackedProcesses so WatchForExitedProcesses can safely lock a reference and call OnExited() outside m_trackedProcessesLock. weak_ptr avoids a circular reference: the vector no longer prevents VMProcessControl destruction, so the destructor's OnProcessReleased cleanup runs normally. Expired entries are also pruned in OnProcessReleased. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Clean up Docker container on Create() failure (#40034) * Clean up Docker container on Create() failure If InspectContainer or the WSLCContainerImpl constructor throws after CreateContainer succeeds, the Docker container is permanently orphaned with no way to manage it through WSLC APIs. Add a scope_exit to delete the Docker container on failure, released on success. * pr feedback (capture by value) --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * CLI: Implement --session argument and session targeting (#14368) * Remove options that are not yet implemented (#40044) * Add cancellation to image build (#14453) * wslc: enable virtiofs by default for wslc.exe and wslcsdk (#14559) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * wslc: fix TOCTOU race in cached COM wrapper getters (#40039) GetState/GetInitProcess/GetId/GetName could race with DisconnectComWrapper: the cache check saw empty, then disconnect populated the cache and nulled the impl, so the forwarded call failed with RPC_E_DISCONNECTED even though the cached value was now available. Fix by removing the upfront cache check and instead calling through to the impl first. If the call fails with RPC_E_DISCONNECTED, fall back to the cache which DisconnectComWrapper guarantees is populated. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Validate empty host path in VolumeMount::Parse (#40031) * Validate empty host path in VolumeMount::Parse When parsing volume mount specs without a mode suffix (e.g. ':container'), the host path validation was skipped, producing a VolumeMount with an empty host path. This would propagate to MountWindowsFolder('') and produce a confusing error. Add validation after computing m_hostPath to reject empty host paths with a clear error message in all cases. * add test coverage --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Update wslc build to look for Containerfile and Dockerfile (#40045) * Save state * Add test coverage * Rename method * Require input handle in the service * Apply PR feedback * Format * Apply PR feedback + update tests * Format * Implement WSLAContainer::Kill() (#14560) * Implement WSLAContainer::Kill() * Add test coverage * Format * Apply PR feedback * Fix a race in `container start -a` for short-lived containers. (#14558) * Localization change from build: 143374899 (#40049) Co-authored-by: WSL localization <noreply@microsoft.com> * [CLI] Add initial support for image saving feature (#14557) * Initial support for image save * Added e2e tests * Added session option * Clang format * Clang format * Addressed comments * CLang format * Change RegistryAuthenticationInformation to optional string (#40053) * Implement SDK CanRun (#14539) Implements `WslcCanRun` using existing primitives. Updates the component flag names to help better describe their meaning and adds comments to further do so. Also changes the error returned when we cannot create a `WSLASessionManager` and WSL is installed at a version below the minimum for WSLC support. * CLI: Create elevated and non-elevated sessions (#40047) * wslc Pretty-print JSON output for inspect and list commands (#40051) * Fix race condition in ContainerLogs test case (#40052) * Add support for build logs (#40054) * CLI: Table Output updates (#14534) * Use COM marshalling to exchange handles (#40056) * Prototype * Save state * Save state * Save state * Save state * Save state * Save state * Remove zeroing * Apply PR feedback * Add test coverage * Format * Add test coverage for null handles * wslc: ensure dns tunneling is disabled with virtioproxy networking mode (#40057) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Implement SDK inspect and VHD management (#14545) Implements `WslcInspectContainer` and `WslcCreateSessionVhd`; adds `WslcSetContainerSettingsNamedVolumes` so that the VHDs are useful. * CLI: Add Terminate Session command (#40058) * List and inspect named volumes (#14555) * CLI: Add table support to always show header, default true (#40061) * Keep track of handle types in the service (#40062) * Keep track of handle types in the service * Only duplicate on return * Format * Switch DmesgOutput to a WSLCHandle (#40063) * Add repository, tag, ID and created columns to image list output (#40043) * Add port mappings to container list output (#14438) * HostFileShareMode (#40068) * Fix and improve interactive tests (#40069) * Add a DllMain method to wslcsdk and configure tracelogging (#40070) * Add a DllMain method to wslcsdk and configure tracelogging * Explicitely initialize WIL * Fix race condition in ElevatedTokenCanOpenNonElevatedHandles test case (#40071) * Suppress MSI-initiated reboots during Store updates (#40074) When the WSL MSIX package is updated via the Microsoft Store, the WslInstaller service automatically upgrades the MSI package by calling MsiInstallProduct. This call was made with INSTALLUILEVEL_NONE (silent install) but without setting the REBOOT=ReallySuppress property. Per Windows Installer documentation, when a silent install encounters files in use and REBOOT is not suppressed, the system reboots automatically without any user prompt. This could cause unexpected machine restarts after a Store update when WSL binaries (e.g. wslservice.exe) were in use during the upgrade. Every deployment script in the repo already passes /norestart to msiexec (deploy-to-host.ps1, deploy-to-vm.ps1, install-latest-wsl.ps1, test-setup.ps1), but the programmatic MsiInstallProduct path used by the WslInstaller service lacked the equivalent property. This change: - Always appends REBOOT=ReallySuppress to MsiInstallProduct arguments in UpgradeViaMsi, preventing Windows Installer from ever initiating a system restart during install/upgrade. - Switches UninstallViaMsi from MsiConfigureProduct to MsiConfigureProductEx so we can pass REBOOT=ReallySuppress during uninstall as well. - Propagates ERROR_SUCCESS_REBOOT_REQUIRED (3010) to callers instead of swallowing it. User-facing paths (wsl --update, wsl --uninstall) print a reboot-needed message to stderr. The background WslInstaller service silently treats 3010 as success since it has no console. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Don't fail to start a WSLCSession if anonymous volumes are present (#40077) * Don't fail to start a WSLCSession if anonymous volumes are present * Typo * Cleanup diff * Cleanup diff * devicehost: stop re-signing and rely on MSIRMSHUTDOWN for file-in-use handling (#40080) * devicehost: stop re-signing and fix MSI installer failing to replace wsldevicehost.dll * pr feedback * use MSIRMSHUTDOWN = 1 instead of custom action --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Use THROW_HR_WITH_USER_ERROR for TTY console check (#40084) Replace manual PrintMessage + THROW_HR(E_FAIL) with the standard THROW_HR_WITH_USER_ERROR pattern used throughout the codebase. This ensures the error message is properly captured by the ExecutionContext error collection system rather than being printed directly to stderr. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Add week/month/year support to FormatRelativeTime (#40083) * Add week/month/year support to FormatRelativeTime Previously only handled seconds, minutes, hours, and days. Containers older than a week would show e.g. '720 days ago' instead of '2 years ago'. Now matches Docker-style output with weeks, months, and years. Also refactors repeated pluralization logic into a lambda. * Handle timestamp==0 sentinel in FormatRelativeTime Callers pass 0 to mean 'unknown' (e.g. ImageTasks when Created <= 0). Previously this would produce '56 years ago'. Now returns empty string. --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Remove dead code: SetContainerTTYOptions and SetContainerArguments (#40087) Both static functions in ContainerService.cpp are defined but never called from anywhere in the codebase. They appear to be remnants of an earlier implementation before the WSLCContainerLauncher and WSLCProcessLauncher classes took over this responsibility. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Fix callback parameter shadow in CreateInternal (#40086) * Remove unused callback parameter from CreateInternal The IProgressCallback* parameter was always passed as nullptr by both callers. The auto-pull path creates its own PullImageCallback locally. Remove the dead parameter entirely per review feedback. * format --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Allow small timestamp difference in ContainerRecoveryFromStorage test (#40081) * Allow small timestamp difference in ContainerRecoveryFromStorage test * feedback * Localization change from build: 143632468 (#40094) Co-authored-by: WSL localization <noreply@microsoft.com> * Release COM DLLs before installer test MSI operations (#40093) * Release COM DLLs before installer test MSI operations Add PrepareForMsiOperation() that calls CoFreeUnusedLibrariesEx(0) before each msiexec invocation. This releases in-process COM DLLs like wslserviceproxystub.dll loaded by prior test classes, preventing the Restart Manager from detecting the test process as holding file locks and failing the install on older Server SKUs like ni_release. * fix CoFreeUnusedLibrariesEx --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Localize all user-facing wslc.exe CLI strings (#40089) * Localize all user-facing wslc.exe CLI strings Add localization entries for all hardcoded user-facing strings in the WSLC CLI tool: - 38 command description strings (Short + Long for all commands) - 30 argument description strings in ArgumentDefinitions.h - Settings reset confirmation string - All entries added to en-US/Resources.resw with {Locked=...} comments for CLI flags, product names, and technical terms E2E tests updated to use Localization:: calls and dynamic column formatting instead of hardcoded string copies, so they won't go stale when descriptions change. * formatting --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Validate container path is absolute in VolumeMount::Parse (#40085) * Validate container path is absolute in VolumeMount::Parse Add validation that non-empty container paths must start with '/' since they are Linux paths inside the container. This catches cases where Windows drive letter colons (e.g. C:\path) get misinterpreted as the host:container separator, producing invalid container paths like '\hostPath' instead of '/containerPath'. Previously, 'C:\hostPath:ro' would silently parse as host='C', container='\hostPath', mode=ro ΓÇö now it throws a clear error. Updated tests to reflect the new validation and moved previously 'valid' but semantically incorrect cases to the invalid test set. * Also validate host path is absolute, add format hint to error, cover forward-slash cases - Reject non-absolute host paths (catches C:/hostPath where host='C') - Add 'Expected format:' hint to container path error message for consistency - Add forward-slash drive letter cases to invalid test set - Move '::' case to invalid (host=':' is not absolute) * Remove host path is_absolute check to allow future named volumes Per review feedback: named volumes (e.g. 'test_vol:/path') would fail an is_absolute() check on the host path. Keep only the container path validation (must start with '/') which doesn't conflict with named volume identifiers. --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Localization change from build: 143644543 (#40098) Co-authored-by: WSL localization <noreply@microsoft.com> * Initialize user option support and added E2E tests (#40101) * Init user option support * Init e2e test * Added more E2E Tests * Fix test * Clang format * Fix test * Rename test to UnknownGroup_Fails to reflect actual failure mode Agent-Logs-Url: https://github.com/microsoft/WSL/sessions/0e095692-5673-4e8f-ad7f-47deccb74ec9 Co-authored-by: AmelBawa-msft <104940545+AmelBawa-msft@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Add logic to clean up images created during the tests (#40078) * Save state * Format * Log failures * Format * Add response size limit to Docker HTTP client (#40097) SendRequestAndReadResponse accumulates the entire response body into a std::string with no size limit. While all current callers expect small JSON metadata responses, a pathological or malformed response could cause unbounded memory growth. Add a 64 MB limit to prevent OOM. This is generous for JSON metadata (list/inspect/create responses are typically <1 MB) while still catching runaway responses early. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * [WSLC] Add --workdir / -w option to 'wslc exec' (#40041) * [WSLC] Add --workdir / -w option to 'wslc exec' Adds a --workdir (-w) argument to the exec command that sets the working directory inside the container for the executed process. Wires the value through ContainerOptions into WSLAProcessLauncher::SetWorkingDirectory. Co-authored-by: Pooja Trivedi <trivedipooja@microsoft.com> Co-Authored-By: Claude Sonnet 4.6 * Update test/windows/wslc/CommandLineTestCases.h Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update test/windows/wslc/CommandLineTestCases.h Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fix clang formatting issues * Update test/windows/wslc/WSLCCLIExecutionUnitTests.cpp Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Add E2E tests for wslc container exec, including --workdir option - Port existing exec E2E tests from feature branch - Add WSLCE2E_Container_Exec_WorkDir and WSLCE2E_Container_Exec_WorkDir_ShortAlias tests - Update help message in GetAvailableOptions to include -w,--workdir Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix clang formatting in WSLCE2EContainerExecTests.cpp Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Validate --workdir is non-empty; add unit and parse test cases - Reject empty or whitespace-only --workdir in Argument::Validate - Add ExecCommand_ParseWorkDirEmptyValue_ThrowsArgumentException unit test - Add empty-workdir failing case to CommandLineTestCases.h Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix clang formatting in CommandLineTestCases.h Co-Authored-By: Claude Sonnet 4.6 * Trim exec E2E tests to --workdir coverage only Remove tests that duplicate existing coverage in WSLCE2EContainerCreateTests.cpp. Keep only the help message test (validates --workdir appears in output) and the two workdir-specific E2E tests. Co-Authored-By: Claude Sonnet 4.6 * Missed change from merge conflict resolution * Fix --workdir whitespace validation to use std::iswspace for full Unicode coverage Agent-Logs-Url: https://github.com/microsoft/WSL/sessions/b21d1a57-bb3f-4a12-84cf-8e414a453890 Co-authored-by: ptrivedi <1638019+ptrivedi@users.noreply.github.com> * Use lambda with wint_t cast in iswspace call to avoid potential UB Agent-Logs-Url: https://github.com/microsoft/WSL/sessions/b21d1a57-bb3f-4a12-84cf-8e414a453890 Co-authored-by: ptrivedi <1638019+ptrivedi@users.noreply.github.com> * Missed change from merge conflict resolution * Address Copilot PR feedback - Revert Version ArgType alias from NO_ALIAS back to L"v" to preserve existing -v short option - Restore WSLCE2EContainerExecTests.cpp lost in merge conflict resolution Co-Authored-By: Pooja Trivedi * Update src/windows/wslc/services/ContainerService.cpp Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fix ParserTest_StateMachine_PositionalForward: replace -v with -h in flag parse tests The -v short alias was removed from --verbose (changed to NO_ALIAS) to resolve a triple alias conflict with --version and --volume. The parser test cases in the Run argument set still used -v expecting it to resolve to --verbose, but since neither Version nor Volume are in the Run set, -v became unresolvable and caused unexpected parse failures. Replace -v with -h (help flag) in the flag parse test cases to preserve the same combined-flag parsing coverage with a valid short alias. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix E2E exec help test: add --user option after base branch merge After merging feature/wsl-for-apps, the --user argument is now active in ContainerExecCommand (from PR #40101). Update the expected exec help output to include -u,--user. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Pooja Trivedi <trivedipooja@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: ptrivedi <1638019+ptrivedi@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Implement wslc session enter (#40088) * Save state * Save state * Save state * Cleanup * Prepare for PR * Cleanup * Validate flags * Apply PR suggestions * Add comment * Remove include * Cleanup diff * Format * Format * Restore session flags * Make VMPortMapping::Unmap idempotent (#40091) * Make VMPortMapping::Unmap idempotent Null out Vm after unmapping so a second call is a no-op. This prevents double-unmap errors when ReleaseRuntimeResources is called from both OnEvent(Stop) and a concurrent Delete(Force) path. * Clear Vm before re-throwing on UnmapPort failure Use a scope_exit to null Vm so that Unmap() is truly idempotent even when UnmapPort() throws. Previously Vm stayed non-null on the failure path, causing subsequent Unmap() calls to retry and throw again. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Correctly handle empty arguments & entrypoint when launching containers (#40122) * Correctly handle empty arguments & entrypoint when launching containers * Apply PR feedback * Add logic to reject invalid flags (#40100) * Add logic to reject invalid flags * Simplify tests * Use macros * Format * Format * wslc: implement dns tunneling for virtio proxy networking mode (#40104) * wslc: implement dns tunneling for virtio proxy networking mode This change implements dnstunneling for the virtio proxy networking mode. For now, this implementation uses the same socket-based approach, but in the fututure this will be moved over to the built-in dns support that is part of the wsldevicehost dll. * wslc: enable DNS tunneling by default for virtio proxy Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove unused DNS test helpers VerifyDnsResolutionDig and VerifyDnsResolutionRecordTypes are dead code — VerifyDnsQueries is the superset that covers all record types and TCP/UDP modes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * [WSLC] Add 'wslc version' subcommand (#14547) * [WSLC] Add 'wslc version' subcommand Adds a 'version' subcommand to the WSLC CLI as an alternative to the existing '--version' flag, following the subcommand pattern used by other WSLC commands. Includes unit tests for command structure and command-line parsing. Co-authored-by: Pooja Trivedi <trivedipooja@microsoft.com> Co-Authored-By: Claude Sonnet 4.6 * [WSLC] Fix E2E help/invalid-command tests after version subcommand addition Update expected help output in WSLCE2EGlobalTests to include the newly added 'version' subcommand, fixing WSLCE2E_HelpCommand and WSLCE2E_InvalidCommand_DisplaysErrorMessage test failures. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [WSLC] Add E2E version command test and strengthen unit test - Add WSLCE2E_VersionCommand E2E test in WSLCE2EGlobalTests verifying stdout, empty stderr, and exit code for 'wslc version' - Add assertion to VersionCommand_HasNoArguments unit test to verify only the auto-added --help argument is present Authored-By: Pooja Trivedi <trivedipooja@microsoft.com> Co-Authored-By: Claude Sonnet 4.6 * Mark 'context' as UNREFERENCED_PARAMETER in VersionCommand::ExecuteInternal to avoid build issues * Address PR feedback on wslc version command - Use Localization::WSLCCLI_VersionDesc/LongDesc instead of hard-coded strings; add entries to en-US Resources.resw - Centralize version printing in VersionCommand::PrintVersion(); reuse from RootCommand --version flag - Drop 'v' prefix from version output per OneBlue's feedback - Add 'version' entry to E2E GetAvailableCommands() to fix WSLCE2E_HelpCommand and WSLCE2E_InvalidCommand_DisplaysErrorMessage Co-Authored-By: Pooja Trivedi * Fix build: add missing using namespace wsl::shared Localization::WSLCCLI_VersionDesc() and WSLCCLI_VersionLongDesc() live in wsl::shared::Localization. Without this using directive the compiler cannot resolve the unqualified Localization:: references in VersionCommand.cpp. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Pooja Trivedi <trivedipooja@microsoft.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add E2E test for --version flag (#40125) * Add E2E test for --version flag Ensures both entry points (the 'version' subcommand and the '--version' flag) are covered by E2E tests, preventing the two paths from drifting. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix newline --------- Co-authored-by: Pooja Trivedi <trivedipooja@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update WSLCCreateSession event to critical. (#40065) * Updated event to critical * Updated event * Apply suggestion from @craigloewen-msft * Revert "Apply suggestion from @craigloewen-msft" This reverts commit 7800a3558725c71ef58cb5229e74e98d97fa16b3. * [CLI] Initialize tmpfs support (#40128) * Init tmpfs support * Resolve copilot comment * Fail the session creation if the virtionet interface can't be initialized (#40124) * Fail the session creation if the virtionet interface can't be initialized * Apply PR feedback * Add DCOM LaunchPermission for WSLCSessionFactory (#40134) * Add DCOM LaunchPermission for WSLCSessionFactory WSLCSessionFactory (wslcsession.exe) was registered without an AppId or explicit DCOM LaunchPermission. When wslservice (SYSTEM) impersonates a non-interactive caller such as Network Service and calls CreateComServerAsUser to launch the per-user session factory, DCOM falls back to machine-default launch permissions which do not include service accounts. This causes E_ACCESSDENIED during session creation. Add an AppId with the same LaunchPermission and AccessPermission SDDL used by the other WSL COM servers (LxssUserSession, WSLCSessionManager, WslDeviceHost), granting launch/activate rights to Authenticated Users (AU), Principal Self (PS), and Local System (SY). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Extract DCOM permission blob into CMake variable The same binary security descriptor was duplicated 8 times across 4 AppId registrations. Extract it into a DCOM_PERMISSION CMake variable defined in msipackage/CMakeLists.txt so future permission changes only need one edit. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix race condition when building multiple IDL files (#40130) * Fix race condition when building multiple IDL files * Use the header as output * Use a single target * Use a separate command to set the stamp file * Remove stamp file * CLI: Fix forwarded args beginning with '-' from being a parser error (#40131) * Refactor tests: use TAEF metadata for WSL version filtering (#40129) Replace runtime WSL2_TEST_ONLY()/WSL1_TEST_ONLY() skip macros with TAEF metadata-based test selection. Tests that don't apply to the current WSL version are now excluded by /select: queries at selection time rather than skipped at runtime, eliminating hundreds of 'skipped' results from test output. Changes: - Add WSL2_TEST_METHOD, WSL1_TEST_METHOD, WSLC_TEST_METHOD macros in Common.h that tag tests with WSLVersion metadata property - Convert ~430 test methods across 26 files to use new macros - Update run-tests.ps1 to auto-add /select: version filter - Update CloudTest XML configs with version selection queries - Remove WSL2_TEST_ONLY() from composite macros in NetworkTests.cpp - Update test README with new macro documentation Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix tmpfs tests to use WSLC_TEST_METHOD macro (#40143) Replace WSL2_TEST_ONLY() runtime skip macro (removed in #40129) with WSLC_TEST_METHOD metadata macro in tmpfs tests added by #40128. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove cloudtest notifications sent to lowdev (#40046) * Remove build notifications sent to lowdev * Use GH email * Use VSO email * Log email * Iterate * Remove notification entirely * CLI: Add initial support for image tag command (#14416) * Initial support for image tag command * Init test * Init e2e test * Adde E2E tests * Added more tests * Added more tests * Resolve copilot comment * Clang format * Clang format * Fix build * Update parser * Update loc * Fix test * Added more tests * Clang format * Loc * Addressed comments * Add support for mounting files and non-existing folders as volumes (#40137) * Save state * Prepare for PR * Apply PR feedback * Add test coverage for restored containers * Merge * Reset m_dockerdProcess when terminating a session (#40146) * Fix incorrect --detach description in container run help text (#40149) The help text for 'wslc container run' incorrectly stated that containers start in the background by default and --detach runs in the foreground. The actual behavior (confirmed by ContainerService.cpp) is the opposite: containers start attached (foreground) by default, and --detach runs them in the background. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add preview disclaimer to WSLC SDK header and NuGet package (#40153) Add preview notice to wslcsdk.h header comment block, NuGet README, and nuspec description to clearly communicate that the WSLC SDK API is subject to breaking changes during the preview period. Also fix incorrect header filename reference in README (WSLCApi.h -> wslcsdk.h). Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix API review issues in wslcsdk.h and wslcsdk.cpp (#40150) - Add missing SAL annotations to WslcGetContainerID (_In_, _Out_writes_) - Fix typo: 'recieve' -> 'receive' in WslcStdIOCallback documentation - Fix parameter naming: 'NameOrId' -> 'nameOrId' to match lowercase convention used by all other API parameters Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add wslcsession.exe to diagnostic log collection (#40151) Include the WSLC session service process in the list of executables that collect-wsl-logs.ps1 captures memory dumps for. This improves diagnostics for container-related issues where the session service state is relevant. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Initial prune image support in wslc service (#40132) * Improve errors returned from WSLCContainer (#40147) * Improve container state errors * Add wslc.exe test coverage * Fix localization file * Apply PR suggestions * Format * Add negative test cases for WSLC SDK error paths (#40152) Add 10 new WSLC SDK tests covering critical error handling gaps: - Null handle release/terminate (session, container, process) - Container creation with null session - Stop container with invalid signal value - Exec process on stopped container - Duplicate container name rejection - Delete running container without force flag - Delete non-existent image - Pull with invalid image name/registry URL These tests verify that the SDK properly rejects invalid inputs and returns appropriate error codes rather than crashing. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix SDK tests to use new WSLC_E_CONTAINER error codes (#40165) * Enhance and organize test execution (#40108) * container attach * Enhance tests * Move more tests to run * Init exec * Clang format * Resolve copilot comment * Replace S_OK with 0 * Added error messages * Resolve copilot comment * Clang format * Fix tests * Resolve copilot comment * Fix incorrect regeneration for IDL targets (#40148) * Add registry authentication in runtime (#40123) * wslc: prevent session name squatting for default WSLc sessions (#40144) * Prevent session name squatting for default WSLc sessions - Server now determines default session name and settings from caller's token, preventing malicious users from squatting reserved session names - CreateSession rejects explicit use of reserved names (wslc-cli, wslc-cli-admin) with case-insensitive E_ACCESSDENIED check - Null StoragePath remains valid for ephemeral sessions; empty string is rejected as E_INVALIDARG - Add dedicated EnterSession API with null/empty parameter validation - Early return optimization: skip YAML parse if default session exists - Inline BuildFeatureFlags into SessionSettings constructor - Extract UserSettings into shared wslcsettings library used by both wslc.exe and wslservice.exe - Move EnumVariantMap.h to common - Fix std::terminate crash in CustomDmesgOutput test when CreateSession fails by adding a scope_exit guard to join the reader thread - Add session name squatting E2E test with case-insensitive coverage Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR feedback: per-user session names, custom error codes, impersonation - Append username to default session names so different users don't collide (e.g. wslc-cli-alice, wslc-cli-admin-bob) [OneBlue] - Impersonate caller when loading settings.yaml server-side [OneBlue] - Factor name resolution into ResolveDefaultSessionName helper [OneBlue] - Add WSLC_E_SESSION_RESERVED and WSLC_E_INVALID_SESSION_NAME error codes for better diagnosability [dkbennett] - Use prefix-based reserved name check (blocks all wslc-cli-* names) - Fix pre-existing HostFileShareMode namespace qualification bug - Remove unused variable in GetDefaultStoragePath test helper [Copilot] - Update all E2E tests for username-qualified session names Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix port conflict error message and cleanup on failure (#40102) * Don't return catch-all error messages for non-WSL specific error codes (#40163) * Don't return catch-all error messages for non-WSL specific error codes * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update test error message expectations to match actual behavior - ImportDistro: Remove 'Failed to create disk' wrapper since the error occurs before CreateVhd, producing only the raw system error message - ModernDistroInstall: Update to raw Win32 message for ERROR_ALREADY_EXISTS since the mapping was removed from GetErrorString and InstallDistro path doesn't use THROW_HR_WITH_USER_ERROR Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update test messages * Format * Update localization/strings/en-US/Resources.resw Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Apply new string name * Use the right error message for wsl1 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Richfr/ Add windowsAddress support to WslcCreateContainer() API (#40037) * Portmapping: add windowsAddress support * Portmapping: add windowsAddress support * Addressing PR feedback: update wslcsdk.cpp * Addressing clang formatting error * Providing default values for port bindings: wslcsdk.cpp * Added new function InetNtopToHresult() to map inet result error values to the correct HRESULTS * return family name if socket address is invalid * Removed unnecessasry variable bindingAddressStrings. Also, commented that convertedPorts must stay in same scope as containerOptions and moved the declaration to be with that var * Fixed clang formatting errors * Added WSLC Sdk API tests for WslcContainerPortMapping.windowsAddress for Ipv4 and Ipv6 local host. * Add unique name to containerSettings var to make test debugging from log reports easier. * Adjust AF_UNIX portmapping test so that it fails if value accepted * Return more accurate strncpy_s error result * Improved error return value of IP address verification * Provide better error reporting * Respond to misc copilot feedback * Resolving merge after syncing with origin * Adjusted error messages * Removed 2 unnecessary lines of code * Mark internal function as static to avoid external linkage --------- Co-authored-by: Richard Fricks <richfr@microsoft.com> * Add support for --no-cache in BuildImage() & wslc.exe (#40174) * Add support for --no-cache in BuildImage() & wslc * Update test/windows/WSLCTests.cpp Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Add try / CATCH_LOG() to the child logic when handling a WSLC_FORK message (#40180) * Add try / CATCH_LOG() to the child logic when handling a WSLC_FORK message * Propagate exceptions on failure * wslc: add --workdir/-w support to container create and run (#40190) Extends the --workdir flag (already supported by container exec) to the container create and run commands, passing the working directory through to the container launcher. Adds CLI parse tests, unit tests, and E2E tests for both commands. Co-Authored-By: Claude Sonnet Co-authored-by: Pooja Trivedi <trivedipooja@microsoft.com> * Fix test cleanup by deleting a file left behind (#40191) * Update volume APIs to match docker arguments (#40181) * Always show container logs during image builds (#40186) * Add logic to keep track of COM callbacks and cancel them if the sessi… (#40183) * Add logic to keep track of COM callbacks and cancel them if the session is terminating * Apply PR feedback * Format * Reset the test session * Apply PR feedback * Apply PR suggestions * CLI: Relative volume path support, improved error detection and messaging, more volume tests (#40193) * Bump Microsoft.NETCore.App.Runtime to 10.0.6 (CVE-2026-32178) (#40203) Update Microsoft.NETCore.App.Runtime.win-x64 and Microsoft.NETCore.App.Runtime.win-arm64 from 10.0.4 to 10.0.6 to resolve CVE-2026-32178 (.NET Spoofing Vulnerability). Fixes Dependabot alerts #12 and #13. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Change image size to match docker image size calculation (#40210) * Add `wslc login`, `wslc logout`, and `wslc push` commands for registry authentication (#40173) * Remove unused Elevated parameter from SessionSettings::Default (#40205) The Elevated parameter was passed to SessionSettings::Default() but never referenced in the function body. The elevation state is already encoded in the resolved session name (via ResolveDefaultSessionName which uses DefaultAdminSessionName for elevated tokens), making this parameter redundant dead code. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add missing trailing newlines to source files (#40202) Several files were missing the POSIX-required trailing newline, causing 'No newline at end of file' warnings from git and some compilers. Files fixed: - WSLCVhdVolume.cpp - WSLCVhdVolume.h - WSLCVolumeMetadata.h - ImageTagCommand.cpp - wslutil.cpp - CMakeLists.txt (service/exe) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix empty string UB in ParseSizeBytes and missing null check in PruneContainers (#40204) Two bugs found during deep review: 1. WSLCVhdVolume.cpp ParseSizeBytes: accessing value[0] without checking if the string is empty causes undefined behavior. An empty SizeBytes driver option would trigger a read past the end of the string. Add value.empty() guard before the sign check. 2. WSLCSession.cpp PruneContainers: the Result output parameter is dereferenced without null validation, unlike the analogous PruneImages method which correctly checks all output pointers. Add RETURN_HR_IF_NULL and ZeroMemory initialization to match the established pattern. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * wslc: remove redundant short-alias E2E tests for --workdir (#40192) * wslc: add --workdir/-w support to container create and run Extends the --workdir flag (already supported by container exec) to the container create and run commands, passing the working directory through to the container launcher. Adds CLI parse tests, unit tests, and E2E tests for both commands. Co-Authored-By: Claude Sonnet * wslc: remove redundant short-alias E2E tests for --workdir Short-alias (-w) coverage is already provided by the help message test method and CLI parse tests. Remove the duplicate E2E tests for container create and run per reviewer feedback. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Pooja Trivedi <trivedipooja@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add test coverage for LoadImage/ImportImage on process exit/session terminate (#40172) * Add test covergae for LoadImage/ImportImage on process exit/session terminate * fix handle read interupt * do not leak container * Add --pull and --target flags to image build (#40216) * Fix wslc port relay buffer size to match non-WSLC relay path (#40217) * CLI: Make image save output optional (#40194) * Image save optional output * Clang format * Update test/windows/wslc/e2e/WSLCE2EImageSaveTests.cpp Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fix terminal detection in CI for WSLCE2E_Image_Save_ToTerminal_Fail test - Open CONOUT$ as child stdout in RunWslcAndRedirectToFile when no output path is given, so IsConsoleHandle() returns true in the child process regardless of how CI redirects the test runner's stdout - Fix SavedArchivePath.wstring() -> SavedArchivePath in WSLCE2E_Image_Save_ToStdout_Load - Quote output path in effectiveCommandLine for diagnostic clarity Agent-Logs-Url: https://github.com/microsoft/WSL/sessions/f94556e1-9acd-40f1-89bd-349e238e92f3 Co-authored-by: AmelBawa-msft <104940545+AmelBawa-msft@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * wslc: add network create, delete, and list (#40179) * Change help flag (#40236) * Fix bugs found during code review of feature/wsl-for-apps (#40248) - Fix wrong variable in waitpid check (init.cpp): Used 'Result' (poll return value) instead of 'Pid' (waitpid return value), causing incorrect SIGCHLD handling that could miss child exits or fail to detect init termination. - Fix missing semicolon after LOG_ERROR (WSLCInit.cpp): Missing statement terminator would cause compilation failure on Linux builds. - Fix misleading test comment (WSLCTests.cpp): Comment referenced port 1234 but the test actually validates port 1236 cleanup after bind failure. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * CLI: TableOutput unit tests (#40095) * Initial prune image cli command (#40239) * Use WSLC_E_CONTAINER_NOT_FOUND when a container is not found (#40251) * Use WSLC_E_CONTAINER_NOT_FOUND when a container is not found * Format * Add DeleteVolumes flag to container deletion API (#40232) * Start containerd before dockerd (#40237) Instead of letting dockerd manage its own embedded containerd, this starts containerd as a separate process first and points dockerd at its socket (--containerd /run/containerd/containerd.sock). My testing shows ~1s improvement with this. * cp * clang * clang * clang3 * event name --------- Co-authored-by: Darshak Bhatti <dabhatti@micorsoft.com> * Merge latest master into feature/wsl-for-apps (#40254) * test: enable virtiofs tests and enable WSLG during testing (#14387) * test: enable virtiofs tests and enable WSLG during testing * test fix --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * chore(distributions): Almalinux auto-update - 20260311 14:52:02 (#14404) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Fix CVE-2026-26127: bump .NET runtime from 10.0.0 to 10.0.4 (#14421) Addresses Dependabot alerts #10 and #11. The Microsoft.NETCore.App.Runtime packages (win-x64 and win-arm64) at version 10.0.0 are vulnerable to a denial of service via out-of-bounds read when decoding malformed Base64Url input (CVSS 7.5 High). Bumped to 10.0.4 which includes the fix. Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Notice change from build: 141806547 (#14423) Co-authored-by: WSL notice <noreply@microsoft.com> * Ship initrd.img in MSI using build-time generation via powershell script (#14424) * Ship initrd.img in MSI using build-time generation via tar.exe Replace the install-time CreateInitrd/RemoveInitrd custom actions with a build-time step that generates initrd.img using the Windows built-in tar.exe (libarchive/bsdtar) and ships it directly in the MSI. The install-time approach had a race condition: wsl.exe could launch before the CreateInitrd custom action completed, causing ERROR_FILE_NOT_FOUND for initrd.img. Changes: - Add CMake custom command to generate initrd.img via tar.exe --format=newc - Add initrd.img as a regular file in the MSI tools component - Remove CreateInitrd/RemoveInitrd custom actions from WiX, DllMain, and wslinstall.def - Remove CreateCpioInitrd helper and its tests (no longer needed) - Update pipeline build targets to build initramfs instead of init * pr feedback * more pr feedback * switch to using a powershell script instead of tar.exe * powershell script feedback * hopefully final pr feedback --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * virtiofs: update logic so querying virtiofs mount source does not require a call to the service (#14380) * virtiofs: update logic so querying virtiofs mount source does not require a call to the service * more pr feedback * use std::filesystem::read_symlink * pr feedback and use canonical path in virtiofs symlink * make sure canonical path is always used --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * virtio networking: add support for ipv6 (#14350) * VirtioProxy: Add IPv6 address, gateway, and route support - Add PreferredIpv6Address field and GetBestGatewayV6* methods to NetworkSettings - Extend GetHostEndpointSettings() to discover IPv6 unicast address and gateway - Add UpdateIpv6Address() using ModifyGuestEndpointSettingRequest<IPAddress> - Push IPv6 default route to guest via UpdateDefaultRoute(AF_INET6) - Remove AF_INET6 early return in ModifyOpenPorts, use INETADDR_PORT() - Add EndpointRoute::DefaultRoute() static factory - Pass client_ip_ipv6 in devicehost options (not yet parsed by devicehost) - Remove gateway_ip from devicehost options (only needed for DHCP) - Include IPv6 DNS servers in non-tunneling DNS settings - Add ConfigurationV6 and DnsResolutionAAAA tests * cleanup and add more ipv6 tests * added test coverage and minor updates * clang format * pr feedback * format source * pr feedback * test fixes --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Track `bind` syscall when port is 0 (#14333) * Initial work * . * pr feedback and add unit test * minor tweaks an fix use after free in logging statement * implement PR feedback * hopefully final pr feedback * pr feedback in test function * Address PR feedback: add try/catch to TrackPort and PortZeroBind queue push --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Add iptables to list of apps to install in WSL (#14459) There were instructions already on how to install tcpdump in WSL, but iptables are also needed for the log collection to be complete, so this PR adds instructions on how to also install iptables. Co-authored-by: Andre Muezerie <andremue@linux.microsoft.com> * Update Microsoft.WSL.DeviceHost to version 1.1.39-0 (#14460) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Moves all Ubuntu distros to the tar-based format (#14463) * Move all supported Ubuntu images to the new format We backported the build pipeline so all current LTSes come out in the new tar-based format * Remove the appx based distros All WSL users can run tar-based distros by now, right? There is no benefit in maintaining both formats. * Enable DNS tunneling for VirtioProxy networking mode (#14461) - Allow VirtioProxy to keep EnableDnsTunneling=true in config, but clear socket-specific options (BestEffortDnsParsing, DnsTunnelingIpAddress) - Suppress dedicated DNS tunneling hvsocket for VirtioProxy; tunneling is handled through the VirtioNetworking device host instead - Set DnsTunneling flag on VirtioNetworkingFlags so the device host knows to tunnel DNS - Expand SWIOTLB kernel cmdline to cover VirtioFs and VirtioProxy - Bump DeviceHost package to 1.1.39-0 - Add VirtioProxy DNS test coverage for tunneling on/off - Skip GuestPortIsReleasedV6 on Windows 10 Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * test: disable LoopbackExplicit due to OS build 29555 regression (#14477) Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> * Refactor: trim unnecessary DLL deps from COMMON_LINK_LIBRARIES (#14426) * Refactor: trim unnecessary DLL deps from COMMON_LINK_LIBRARIES - Split MSI/Wintrust install functions from wslutil.cpp into install.cpp - Remove MI.lib, wsldeps.lib, msi.lib, Wintrust.lib, computecore.lib, computenetwork.lib, Iphlpapi.lib from COMMON_LINK_LIBRARIES - Add per-target MSI_LINK_LIBRARIES, HCS_LINK_LIBRARIES, SERVICE_LINK_LIBRARIES - Delay-load msi.dll and WINTRUST.dll for wsl.exe and wslg.exe - Result: wslhost, wslrelay, wslcsdk, testplugin lose msi/wintrust startup imports; wsl.exe and wslg.exe defer msi/wintrust loading until actually needed; wslservice is the only target that imports computecore/computenetwork/Iphlpapi * minor fixes to install.cpp that were caught during PR * move to wsl::windows::co…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Security
Bump
Microsoft.NETCore.App.Runtime.win-x64andMicrosoft.NETCore.App.Runtime.win-arm64from 10.0.4 to 10.0.6 to fix:Resolves Dependabot alerts #12 and #13.
Testing
Package version bump only. No code changes.