CCv0: Merge main into CCv0 branch

Merge remote-tracking branch 'upstream/main' into CCv0 Fixes: #5824 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2026-01-23 08:14:35 +01:00 · 2022-12-02 16:15:39 +00:00
parent d910a79a3f 8246de821f
commit 578ee62da2
105 changed files with 4977 additions and 562 deletions
--- a/src/runtime/virtcontainers/acrn.go
+++ b/src/runtime/virtcontainers/acrn.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/acrn_arch_base.go
+++ b/src/runtime/virtcontainers/acrn_arch_base.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/acrn_test.go
+++ b/src/runtime/virtcontainers/acrn_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/agent.go
+++ b/src/runtime/virtcontainers/agent.go
@@ -9,13 +9,13 @@ import (
 	"syscall"
 	"time"

+	"context"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
 	persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
 	pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/net/context"
 )

 type newAgentFuncKey struct{}
--- a/src/runtime/virtcontainers/clh.go
+++ b/src/runtime/virtcontainers/clh.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Ericsson Eurolab Deutschland GmbH
 //
--- a/src/runtime/virtcontainers/clh_test.go
+++ b/src/runtime/virtcontainers/clh_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Ericsson Eurolab Deutschland G.m.b.H.
 //
--- a/src/runtime/virtcontainers/fc.go
+++ b/src/runtime/virtcontainers/fc.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/fc_metrics.go
+++ b/src/runtime/virtcontainers/fc_metrics.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2020 Ant Group
 //
--- a/src/runtime/virtcontainers/fc_test.go
+++ b/src/runtime/virtcontainers/fc_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/ipvlan_endpoint.go
+++ b/src/runtime/virtcontainers/ipvlan_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/ipvlan_endpoint_test.go
+++ b/src/runtime/virtcontainers/ipvlan_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
@@ -23,7 +23,6 @@ import (
 	"github.com/kata-containers/kata-containers/src/runtime/pkg/device/config"
 	volume "github.com/kata-containers/kata-containers/src/runtime/pkg/direct-volume"
 	"github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace"
-	resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol"
 	"github.com/kata-containers/kata-containers/src/runtime/pkg/uuid"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
 	persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
@@ -35,10 +34,10 @@ import (
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils"

+	"context"
 	"github.com/gogo/protobuf/proto"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"golang.org/x/sys/unix"
 	"google.golang.org/grpc/codes"
 	grpcStatus "google.golang.org/grpc/status"
@@ -938,18 +937,19 @@ func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool, str
 		grpcSpec.Linux.Resources.CPU.Mems = ""
 	}

+	// We need agent systemd cgroup now.
 	// There are three main reasons to do not apply systemd cgroups in the VM
 	// - Initrd image doesn't have systemd.
 	// - Nobody will be able to modify the resources of a specific container by using systemctl set-property.
 	// - docker is not running in the VM.
-	if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
-		// Convert systemd cgroup to cgroupfs
-		slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
-		// 0 - slice: system.slice
-		// 1 - prefix: docker
-		// 2 - name: abc123
-		grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
-	}
+	// if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
+	// 	// Convert systemd cgroup to cgroupfs
+	// 	slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
+	// 	// 0 - slice: system.slice
+	// 	// 1 - prefix: docker
+	// 	// 2 - name: abc123
+	// 	grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
+	// }

 	// Disable network namespace since it is already handled on the host by
 	// virtcontainers. The network is a complex part which cannot be simply
--- a/src/runtime/virtcontainers/kata_agent_test.go
+++ b/src/runtime/virtcontainers/kata_agent_test.go
@@ -573,7 +573,7 @@ func TestAppendVhostUserBlkDevices(t *testing.T) {

 func TestConstrainGRPCSpec(t *testing.T) {
 	assert := assert.New(t)
-	expectedCgroupPath := "/foo/bar"
+	expectedCgroupPath := "system.slice:foo:bar"

 	g := &pb.Spec{
 		Hooks: &pb.Hooks{},
--- a/src/runtime/virtcontainers/macvlan_endpoint.go
+++ b/src/runtime/virtcontainers/macvlan_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/macvlan_endpoint_test.go
+++ b/src/runtime/virtcontainers/macvlan_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/macvtap_endpoint.go
+++ b/src/runtime/virtcontainers/macvtap_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/macvtap_endpoint_test.go
+++ b/src/runtime/virtcontainers/macvtap_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/mock_agent.go
+++ b/src/runtime/virtcontainers/mock_agent.go
@@ -9,13 +9,13 @@ import (
 	"syscall"
 	"time"

+	"context"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
 	persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
 	pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/net/context"
 )

 // mockAgent is an empty Agent implementation, for testing and
--- a/src/runtime/virtcontainers/physical_endpoint.go
+++ b/src/runtime/virtcontainers/physical_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/physical_endpoint_test.go
+++ b/src/runtime/virtcontainers/physical_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2016 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_amd64.go
+++ b/src/runtime/virtcontainers/qemu_amd64.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_amd64_test.go
+++ b/src/runtime/virtcontainers/qemu_amd64_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arch_base.go
+++ b/src/runtime/virtcontainers/qemu_arch_base.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arch_base_test.go
+++ b/src/runtime/virtcontainers/qemu_arch_base_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arm64.go
+++ b/src/runtime/virtcontainers/qemu_arm64.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arm64_test.go
+++ b/src/runtime/virtcontainers/qemu_arm64_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_ppc64le.go
+++ b/src/runtime/virtcontainers/qemu_ppc64le.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_ppc64le_test.go
+++ b/src/runtime/virtcontainers/qemu_ppc64le_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_s390x.go
+++ b/src/runtime/virtcontainers/qemu_s390x.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_s390x_test.go
+++ b/src/runtime/virtcontainers/qemu_s390x_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_test.go
+++ b/src/runtime/virtcontainers/qemu_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2016 Intel Corporation
 //
--- a/src/runtime/virtcontainers/tap_endpoint.go
+++ b/src/runtime/virtcontainers/tap_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Huawei Corporation
 //
--- a/src/runtime/virtcontainers/tuntap_endpoint.go
+++ b/src/runtime/virtcontainers/tuntap_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Huawei Corporation
 // Copyright (c) 2019 Intel Corporation
--- a/src/runtime/virtcontainers/utils/utils.go
+++ b/src/runtime/virtcontainers/utils/utils.go
@@ -399,7 +399,7 @@ func MkdirAllWithInheritedOwner(path string, perm os.FileMode) error {
 		info, err := os.Stat(curPath)

 		if err != nil {
-			if err = os.Mkdir(curPath, perm); err != nil {
+			if err = os.MkdirAll(curPath, perm); err != nil {
 				return fmt.Errorf("mkdir call failed: %v", err.Error())
 			}
 			if err = syscall.Chown(curPath, uid, gid); err != nil {
--- a/src/runtime/virtcontainers/utils/utils_linux_generic.go
+++ b/src/runtime/virtcontainers/utils/utils_linux_generic.go
@@ -1,5 +1,4 @@
 //go:build amd64 || arm64 || s390x || !ppc64le
-// +build amd64 arm64 s390x !ppc64le

 // Copyright (c) 2019 IBM
 //
--- a/src/runtime/virtcontainers/veth_endpoint.go
+++ b/src/runtime/virtcontainers/veth_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/veth_endpoint_test.go
+++ b/src/runtime/virtcontainers/veth_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/vhostuser_endpoint.go
+++ b/src/runtime/virtcontainers/vhostuser_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/vhostuser_endpoint_test.go
+++ b/src/runtime/virtcontainers/vhostuser_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //