aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2025-12-21 08:14:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,569 Commits 30 Branches 115 Tags
patch-1
Commit Graph

3879 Commits

Author SHA1 Message Date
Bin Liu
407e46b1b7 Merge pull request #5218 from bergwolf/github/deps 
runtime/runtime-rs: update dependency
 2022-09-27 11:02:46 +08:00
Bin Liu
a2f207b923 Merge pull request #5163 from liubin/fix/5162-add-test-for-StaticResource 
runtime-rs: add test for StaticResource
 2022-09-26 17:44:20 +08:00
Zhongtao Hu
9d67f5a7e2 Merge pull request #5230 from openanolis/nohc 
runtime-rs: remove hardcoded string
 2022-09-26 16:01:41 +08:00
quanweiZhou
ad87c7ac56 Merge pull request #5206 from openanolis/hypervisor/readme 
docs: add README for runtime-rs hypervisor crate
 2022-09-26 16:01:12 +08:00
Bin Liu
5a98fb8d2b Merge pull request #5186 from liubin/fix/5185 
runtime-rs: use Path.is_file to check regular files
 2022-09-26 12:33:47 +08:00
Zhongtao Hu
4a36bb9e21 Merge pull request #4924 from openanolis/runtime-rs-netUT 
runtime-rs: add unit tests for network resource
 2022-09-23 17:45:24 +08:00
Zhongtao Hu
274de024c5 docs: add README for runtime-rs hypervisor crate 
add README for runtime-rs hypervisor crate

Fixes:#4634
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-09-23 15:20:02 +08:00
Chao Wu
9cf5de0b4e Merge pull request #5171 from liubin/fix/5170-use-macro 
runtime-rs/resource: use macro to reduce duplicated code
 2022-09-23 10:59:53 +08:00
wangyongchao.bj
04bbce8dc3 virtcontainers: add warn log record for qmp hotplug cpu error 
The qmp command of hotplug cpu failed error was hidden. It didn't friendly for
the user tracing the hotplug cpu error. The PR help us to improve the hotplug
cpu error log. Add real qemu command error log for `failed to hot add vCPUs`.
Through the error message, we can get the reason of the failed qmp command
 for hotplug cpu operation.

Fixes: #5234

Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
 2022-09-23 08:22:30 +08:00
Chelsea Mafrica
de869f2565 Merge pull request #5188 from liubin/fix/5187-incorrect-comments-in-kata-types-hypervisor 
runtime-rs: fix incorrect comments
 2022-09-22 14:09:20 -07:00
Zhongtao Hu
d663f110d7 kata-deploy: get the config path from cri options 
get the config path for runtime-rs from cri options

Fixes: #5000
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-09-22 17:39:25 +08:00
Ji-Xinyou
46965739a4 runtime-rs: remove hardcoded string 
Use KATA_PATH instead of "run/kata"

Fixes: #5229
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
 2022-09-22 16:06:51 +08:00
Zhongtao Hu
a394761a5c kata-deploy: add installation for runtime-rs 
setup the compile environment and installation path for the Rust runtime

Fixes:#5000
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-09-22 15:59:44 +08:00
Peng Tao
a2c13bad45 Merge pull request #5156 from fengwang666/uid-reuse-bug 
Non-root hypervisor uid reuse bug
 2022-09-22 15:35:39 +08:00
Peng Tao
af174c2b6d Merge pull request #5195 from wllenyj/update-dbs 
Build-in Sandbox: update dragonball-sandbox dependencies
 2022-09-22 15:07:11 +08:00
Ji-Xinyou
50299a3292 refactor(runtime-rs): Use RwLock in runtime agent 
Use RwLock for Agent in runtime, for better concurrency.

Fixes: #5199
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
 2022-09-21 17:43:40 +08:00
Peng Tao
9628c7df0c runtime: update runc dependency 
To bring fix to CVE-2022-29162.

Fixes: #5217
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
 2022-09-21 17:21:37 +08:00
Peng Tao
7fbc883879 runtime-rs: drop dependency on rustc-serialize 
We are not using it and it hasn't got any updates for more than five
years, leaving open CVEs unresolved.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
 2022-09-21 17:19:58 +08:00
Ji-Xinyou
e23bfd615e runtime-rs: make function name more understandable 
Change kparams to kernel_params for understandability.

Fixes: #5068
Signed-Off-By: Ji-Xinyou <jerryji0414@outlook.com>
 2022-09-21 11:48:11 +08:00
Ji-Xinyou
426a436780 runtime-rs: add unit test and eliminate raw string 
Add two unit tests for coverage and eliminate raw strings to constant.

Fixes: #5068
Signed-Off-By: Ji-Xinyou <jerryji0414@outlook.com>
 2022-09-21 11:47:07 +08:00
Ji-Xinyou
87959cb72d runtime-rs: debug console support in runtime 
Read debug console configuration in kernel params.

Fixes: #5068
Signed-Off-By: Ji-Xinyou <jerryji0414@outlook.com>
 2022-09-21 11:46:55 +08:00
Bin Liu
a2e7434a0f Merge pull request #5082 from QiliangFan/main 
dragonball: Fix problem that stdio console cannot connect to stdout
 2022-09-21 11:12:19 +08:00
wllenyj
0399da677d runtime-rs: update dependencies 
Updated Cargo.lock.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-09-20 15:00:14 +08:00
wllenyj
f6f19917a8 dragonball: update dragonball-sandbox dependencies 
Updated vmm-sys-util to 0.10.0
Updated virtio-queue to 0.4.0
Updated vm-memory to 0.9.0
Updated linux-loader to 0.5.0

Fixes: #5194

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-09-20 14:48:09 +08:00
Zhongtao Hu
e05e42fd3c Merge pull request #5113 from liubin/fix/5112-call-TomlConfig-validate-func 
runtime-rs: call TomlConfig's validate function after load
 2022-09-20 14:38:42 +08:00
Zhongtao Hu
fc65e96ad5 Merge pull request #5133 from openanolis/shimmgmt 
feat(Shimmgmt): Shim management server and client
 2022-09-20 14:37:19 +08:00
Bin Liu
2caee1f38d runtime-rs: define VFIO unbind path as a const 
In src/runtime-rs/crates/hypervisor/src/device/vfio.rs,
the path of new_id is defined as a const, but unbind is used
as a local variable, they should be unified to const.

Fixes: #5189

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-19 16:08:35 +08:00
Bin Liu
3f65ff2d07 runtime-rs: fix incorrect comments 
Some comments for types are incorrect in file
 src/libs/kata-types/src/config/hypervisor/mod.rs

Fixes: #5187

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-19 16:03:06 +08:00
Bin Liu
9670a3caac runtime-rs: use Path.is_file to check regular files 
Use Path.is_file to replace using `stat` to check the file type.

Fixes: #5185

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-19 15:57:07 +08:00
Joana Pecholt
ded60173d4 runtime: Enable choice between AMD SEV and SNP 
This is based on a patch from @niteeshkd that adds a config
parameter to choose between AMD SEV and SEV-SNP VMs as the
confidential guest type in case both types are supported. SEV is
the default.

Signed-off-by: Joana Pecholt <joana.pecholt@aisec.fraunhofer.de>
 2022-09-16 17:51:41 +02:00
Joana Pecholt
22bda0838c runtime: Support for AMD SEV-SNP VMs 
This commit adds AMD SEV-SNP as a confidential guest option to the
runtime. Information on required components such as OVMF, QEMU and
a kernel supporting SEV-SNP are defined in the versions file and
corresponding configs are added.

Note: The CPU model 'host' provided by the current SNP-QEMU does
not support all SNP capabilities yet, which is why this option is
changed to EPYC-v4.

Note: The guest's physical address space reduction specified with
ReducedPhysBits is 1. Details are can be found in Section 15.34.6
here https://www.amd.com/system/files/TechDocs/24593.pdf

Fixes #4437

Signed-off-by: Joana Pecholt <joana.pecholt@aisec.fraunhofer.de>
 2022-09-16 17:51:41 +02:00
Joana Pecholt
105eda5b9a runtime: Initrd path option added to config 
Adds initrd configuration option to the configuration.toml that is
generated for the setup using QEMU.

Signed-off-by: Joana Pecholt <joana.pecholt@aisec.fraunhofer.de>
 2022-09-16 17:51:41 +02:00
Bin Liu
a8a8a28a34 runtime-rs/resource: use macro to reduce duplicated code 
Some device types have the same definition, they can be implemented
by macro to reduce code.

And this commit also deleted the `peer_name` field of the structs that
is never been used.

Fixes: #5170

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-15 15:45:26 +08:00
Bin Liu
156e1c3247 runtime-rs: delete some allow(dead_code) attributes 
Some #![allow(dead_code)]s and code are not needed indeed.

Fixes: #5164

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-14 20:50:30 +08:00
qiliangfan
7622452f4b Dragonball: Fix the problem about stdio console 
Let stdout stream connect to the com1_device,

Fixes: #5083

Signed-off-by: qiliangfan <fanqiliang@mail.nankai.edu.cn>
 2022-09-14 15:53:57 +08:00
Bin Liu
208233288a runtime-rs: add test for StaticResource 
Add test case for StaticResource, the old test is not
covering the StaticResource struct.

Fixes: #5162

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-14 11:45:07 +08:00
Feng Wang
f914319874 runtime: store the user name in hypervisor config 
The user name will be used to delete the user instead of relying on
uid lookup because uid can be reused.

Fixes: #5155

Signed-off-by: Feng Wang <feng.wang@databricks.com>
 2022-09-13 10:32:55 -07:00
Feng Wang
5cafe21770 runtime: make StopVM thread-safe 
StopVM can be invoked by multiple threads and needs to be thread-safe

Fixes: #5155

Signed-off-by: Feng Wang <feng.wang@databricks.com>
 2022-09-12 21:56:15 -07:00
Feng Wang
c3015927a3 runtime: add more debug logs for non-root user operation 
Previously the logging was insufficient and made debugging difficult

Fixes: #5155

Signed-off-by: Feng Wang <feng.wang@databricks.com>
 2022-09-12 21:38:57 -07:00
Bin Liu
a58feba9bb Merge pull request #5105 from liubin/fix/5104-ignore-virtiofs-daemon-for-inline-mode 
kata-types: don't check virtio_fs_daemon for inline-virtio-fs
 2022-09-13 10:33:56 +08:00
Bin Liu
42d4da9b6c Merge pull request #5101 from liubin/fix/5100-cpu-period-quota-data-type 
kata-types: change return type of getting CPU period/quota function
 2022-09-13 10:33:29 +08:00
Tim Zhang
8ec4edcf4f Merge pull request #5146 from liubin/fix/5145-check-host-dev 
runtime-rs: fix host device check pattern
 2022-09-13 10:33:05 +08:00
Bin Liu
62cf6e6fc3 runtime-rs: remove meaningless comment 
The comment for `generate_mount_path` function is a copy miss
and should be deleted.

Fixes: #5150

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-09 16:07:35 +08:00
Bin Liu
55f4f3a95b Merge pull request #4897 from ManaSugi/runk/enable-seccomp 
runk: Enable seccomp support by default
 2022-09-09 14:11:35 +08:00
Manabu Sugimoto
bcf6bf843c runk: Enable seccomp support by default 
Enable seccomp support in `runk` by default.
Due to this, `runk` is built with `gnu libc` by default
because the building `runk` with statically linked the `libseccomp`
and `musl` requires additional configurations.
Also, general container runtimes are built with `gnu libc` as
dynamically linked binaries by default.
The user can disable seccomp by `make SECCOMP=no`.

Fixes: #4896

Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
 2022-09-09 10:55:16 +09:00
GabyCT
be462baa7e Merge pull request #5103 from liubin/fix/5102-add-inline-virtiofs-config 
config: add "inline-virtio-fs" as a "shared_fs" type
 2022-09-08 10:33:20 -05:00
GabyCT
bcbce8317d Merge pull request #5061 from liubin/fix/5022-runtime-rs-readme 
runtime-rs: add README.md
 2022-09-08 10:32:08 -05:00
bin liu
2b1d058572 runtime-rs: fix host device check pattern 
Host devices should start with `/dev/` but not `/dev`.

Fixes: #5145

Signed-off-by: bin liu <liubin0329@gmail.com>
 2022-09-08 22:44:46 +08:00
Bin Liu
85b49cee02 runtime-rs: add README.md 
Add README.md for runtime-rs.

Fixes: #5022

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-09-08 16:03:45 +08:00
Bin Liu
7cfc357c6e Merge pull request #5034 from ManaSugi/runk/refactor-container-builder 
runk: Refactor container builder
 2022-09-08 11:30:07 +08:00