This commit includes two changes:
- migrate from opentracing to opentelemetry
- add jaeger configuration items
Fixes: #1351
Signed-off-by: bin <bin@hyper.sh>
CGO_ENABLED=0 and -buildmode=pie are not compatible and may lead build failing in some OS.
Specify buildmode=exe to overwrite the value set in BUILDFLAGS
Fixes: #1343
Signed-off-by: bin <bin@hyper.sh>
acpi is enabled for kata 1.x, port and rebase code for 2.x
including:
runtime: enable pflash;
agent: add acpi support for pci bus path;
packaging: enable CONFIG_RTC_DRV_EFI;
Fixes: #1317
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
We should create the container's cgroup under the system's
cgroup default path such as "/sys/fs/cgroup/<sub system>",
instead of under the kata-agnet's process's cgroup path,
which would under the systemd's cgroup such as
"/sys/fs/cgroup/systemd/system.slice/kata-agent.service"
Fixes: #1319
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This patch fixed the security issue if the container images has
unsafe symlink to the container rootfs and hackers can be exploit
this symlink to hack the guest system. e.g. make directory or files
on guest.
CVE-2015-3629
Fixes: #1219
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
Highlights for cloud-hypervisor version v0.12.0 include: removal of
`vhost-user-net` and `vhost-user-block` self spawning, migration of
`vhost-user-fs` backend, ARM64 enhancements with full support of
`--watchdog` for rebooting, and enhanced `info` HTTP API to include the
details of devices used by the VM including VFIO devices.
Fixes: #1315
Signed-off-by: Bo Chen <chen.bo@intel.com>
According to runtime-spec:
The poststart hooks MUST be invoked by the runtime. If any poststart
hook fails, the runtime MUST log a warning, but the remaining hooks
and lifecycle continue as if the hook had succeeded
Fixes: #1252
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
According to runtime-spec:
The poststop hooks MUST be invoked by the runtime. If any
poststop hook fails, the runtime MUST log a warning, but
the remaining hooks and lifecycle continue as if the hook
had succeeded.
Fixes: #1252
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Qemu config alredy use vanilla kernel build for virtiofs.
Lets make cosisntent the usage of kernel.
Depends-on: github.com/kata-containers/tests#3172
Fixes: #1302
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
This patch integrates new netlink module routines with the agent (mainly
replaces calls to old netlink module with the new one).
Fixes: #1294
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This PR adds new netlink module (based on `rtnetlink` crate), so we don’t have to
write a low level code to interact with netlink sockets, but use a high level API.
As a side effect, `rtnetlink` crate got full IPv6 support, so it fixes#1171Fixes: #1294
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Support pmem-csi[1] k8s pluging, unlike SCSI and virtio devices,
NVDIMM/PMEM devices support DAX, improving IO Read and Write
operations.
fixes#1289
Signed-off-by: Julio Montes <julio.montes@intel.com>
[1]: https://github.com/intel/pmem-csi
Got:
find . -type f -name "*.rs" | egrep -v "target/|grpc-rs/|protocols/" | xargs rustfmt --check
error[E0670]: `async fn` is not permitted in the 2015 edition
This commit fixes this issue.
Signed-off-by: Tim Zhang <tim@hyper.sh>
This commit includes minimal changes in order to switch to Tokio:
- Update protocol crate to generate async server code
- Adds async entry point to the Agent
- Updates agent services signatures in rpc.rs
Fixes: #1209
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Run static checks prior to building the agent.Checks
fail if run after since the compilation process
produces new rust code.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
It should check the read count and return an
error if read count didn't match the expected
number.
Fixes: #1233
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In case the container rootfs's /dev was overrided
by binding mount from another directory, then there's
no need to create the default devices nodes and symlinks
in /dev.
Fixes: #692
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Return SingularPtrField::none() instead of panic when getting stats
from cgroup failed caused by cgroup controller missing.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Fixes: #1224
35ecd6f (origin/change-name, change-name) Update readme
eb6577e Change package name to cgroups-rs
8f6a7e0 Merge pull request #19 from Tim-Zhang/0.2.0
9baa065 (origin/0.2.0, 0.2.0) release: v0.2.0
e160df0 Make read_i64_from private and merge read_str_from to its caller
e1e05d3 Make new_with_relative_paths=new and load_with_relative_paths=new in v2
a89f4a0 Support set notify_on_release & release_agent
61a0957 Fix set_swappiness in cgroup v2
0592045 Ignore kmem in cgroup v2
c254fff Update readme
438d774 Fix test
42ee1ba Make Cgroup can be stored in struct
b6bb5ae docs: Hide Re-exports
d2882b1 Print cause when println!("{}")
abcb5ed Add more logs for create_dir error in controller.create
1f188be Detect subsystems and get root from /proc/self/mountinfo
fbd7164 Fix warnings in tests
f342254 Remove Box wrap of Cgroup.hire
cd998f3 Do not place cgroup under relative path read from cgroup by default
1ac76b6 Make function find_v1_mount pub
121f78d Expose deletion error
0f76570 Avoid exception caused by cgroup writeback feature
10650e2 Update tests to adapt new type of fields in resource
567cdb4 Use Option as resource fields, remove the update switch: update_values
0c18b08 Support customized attributes for CpuController and MemController
ca610bb add add_task_by_tgid
Signed-off-by: Tim Zhang <tim@hyper.sh>
get_bool_value() in src/agent/src/config.rs includes a Result::or_else()
call with a trivial closure which can be replaced by a Result::or. This
removes a clippy warning.
fixes#1201
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
