aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2026-01-18 13:54:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,600 Commits 30 Branches 115 Tags
0f43ec8ff79472d91acfe73717ddfc07ce1b5dc0
Commit Graph

1035 Commits

Author SHA1 Message Date
Steve Horsman
d3547814e5 Merge pull request #6104 from stevenhorsman/remove-skopeo-umoci 
CC: Remove skopeo umoci
 2023-01-27 10:31:33 +00:00
Megan Wright
c81071bb68 agent: update vendor packages 
Update vendor packages after merge
Signed-off-by: Megan Wright <megan.wright@ibm.com>
 2023-01-25 14:30:16 +00:00
stevenhorsman
ee5fb8c998 agent: Remove container_policy_file config 
- Remove the container_policy_file config parameter as it was only used
by the skopeo code path

Fixes: #3970
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
 2023-01-25 11:37:56 +00:00
stevenhorsman
dea1891851 agent: Remove skopeo & umoci 
Remove code paths that use skopeo to pull images & umoci to unpack them

Fixes: #3970
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
 2023-01-25 11:37:56 +00:00
Megan Wright
36cd741943 CCv0: Merge main into CCv0 branch 
Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #6126
Signed-off-by: Megan Wright megan.wright@ibm.com
 2023-01-25 11:23:18 +00:00
stevenhorsman
0fc7b4b74d agent: Improve logging of pull image 
- Add agent log if pull image fails

Fixes: #6118

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
 2023-01-23 17:09:39 +00:00
Bin Liu
083facd5ae Merge pull request #5256 from Yuan-Zhuo/fix-agent-metrics 
agent: Eliminate unnecessary metrics
 2023-01-18 11:43:37 +08:00
Bin Liu
1592a385eb dependency: update cgroups-rs 
Update cgroups-rs.

Fixes: #6039

Signed-off-by: Bin Liu <bin@hyper.sh>
 2023-01-13 14:00:51 +08:00
Fabiano Fidêncio
e87b887589 build: Update image-rs to v0.3.0 
image-rs has released its v0.3.0 release earlier Today, following the
v0.3.0 Confidential Containers release process.

The v0.3.0 is based on exactly the same commit we've been using already,
so no changes are expected for us.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-12 18:30:59 +01:00
Georgina Kinge
e8c63ccc4d CCv0: Merge main into CCv0 branch 
Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #6011
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
 2023-01-09 12:02:48 +00:00
Zhongtao Hu
ec18368aba Merge pull request #5858 from openanolis/refactor-guest-hook 
agent: refactor guest hooks
 2023-01-06 22:28:09 +08:00
Fabiano Fidêncio
f1d6e64adf agent: Update image-rs to bring stream pulling support 
Image layers stream pulling support has been merged into image-rs, and
we're now pulling an image-rs version that contains the merged code.

See: https://github.com/confidential-containers/image-rs/pull/96

Fixes: #5968

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 19:56:00 +01:00
Fabiano Fidêncio
c5be78a03d agent: Fix CCv0 specific unnecessary_lazy_evaluations 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to unnecessary_lazy_evaluations.

Let's fix them all here.

For more info about the warnings, please, take a look at:

https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_lazy_evaluations

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 19:56:00 +01:00
Fabiano Fidêncio
60a8a5bf4a agent: Fix CCv0 specific "match-like-matches-macro" warning 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to "match-like-matches-macro".

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#match_like_matches_macro

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 19:56:00 +01:00
Fabiano Fidêncio
eaf72daa80 agent: Fix CCv0 specific needless_borrow warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to needless_borrow.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 19:56:00 +01:00
Fabiano Fidêncio
1085fac5c2 agent: Allow clippy::question_mark warning in Namespace{} 
As the rust toolchain version bump to its 1.66.0 release raised a
warning about the code being able to be refactored to use `?`.

For now that's something we don't need to change, so let's ignore such
warning in this very specific case.

See:
https://rust-lang.github.io/rust-clippy/master/index.html#question_mark

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 15:34:02 +01:00
Fabiano Fidêncio
c3c9e1b4a3 agent: Fix explicit_auto_deref warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to explicit_auto_deref.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#explicit_auto_deref

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 15:33:58 +01:00
Fabiano Fidêncio
20be612cd1 agent: Fix needless_borrow warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to needless_borrow.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 15:33:53 +01:00
Fabiano Fidêncio
083e3f26ed rustjail: Fix unnecessary_cast warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to unnecessary_cast.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_cast

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 15:33:48 +01:00
Fabiano Fidêncio
1f391ef511 rustjail: Fix needless_borrow warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to needless_borrow.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 15:33:40 +01:00
Fabiano Fidêncio
a545a65934 agent: Allow clippy::question_mark warning in Namespace{} 
As the rust toolchain version bump to its 1.66.0 release raised a
warning about the code being able to be refactored to use `?`.

For now that's something we don't need to change, so let's ignore such
warning in this very specific case.

See:
https://rust-lang.github.io/rust-clippy/master/index.html#question_mark

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 15:22:20 +01:00
Fabiano Fidêncio
9ced34dd22 agent: Fix explicit_auto_deref warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to explicit_auto_deref.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#explicit_auto_deref

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 14:59:50 +01:00
Fabiano Fidêncio
f77220490e agent: Fix needless_borrow warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to needless_borrow.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 14:58:13 +01:00
Fabiano Fidêncio
7bcdc9049a rustjail: Fix unnecessary_cast warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to unnecessary_cast.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_cast

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 14:42:58 +01:00
Fabiano Fidêncio
41d7dbaaea rustjail: Fix needless_borrow warnings 
As we bumped the rust toolchain to 1.66.0, some new warnings have been
raised due to needless_borrow.

Let's fix them all here.

For more info about the warnings, please, take a look at:
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-01-02 14:42:25 +01:00
Yushuo
85f9094f17 agent: refactor guest hooks 
We have to execute some hooks both in host and guest. And in
/libs/kata-sys-util/src/hooks.rs, the coomon operations are implemented.

In this commit, we are going to refactor the code of guest hooks using
code in /libs/kata-sys-util/src/hooks.rs. At the same time, we move
function valid_env to kata-sys-util to make it usable by both agent and
runtime.

Fixes: #5857

Signed-off-by: Yushuo <y-shuo@linux.alibaba.com>
 2022-12-26 10:15:19 +08:00
Georgina Kinge
0701e171e2 agent: removing sysinfo during merge 
Removed the sysinfo that got left behind during merge

Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
 2022-12-14 15:36:13 +00:00
Georgina Kinge
332a425145 CCv0: Merge main into CCv0 branch 
Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #5905
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
 2022-12-14 14:55:23 +00:00
Fabiano Fidêncio
f1381eb361 Merge pull request #4813 from ManaSugi/fix/add-selinux-agent 
runtime,agent: Add SELinux support for containers inside the guest
 2022-12-13 11:24:53 +01:00
Yuan-Zhuo
bf8848f926 agent: Eliminate unnecessary metrics 
DEFAULT_REGISTRY pre-registers many metrics that we don't need or have duplicated.
This PR uses a custom register for metrics without interference and ensures that
the registration process is executed only once when the program is running.

Fixes: #5255

Signed-off-by: Yuan-Zhuo <yuanzhuo0118@outlook.com>
 2022-12-13 16:18:33 +08:00
Bin Liu
03b6124fc6 Merge pull request #5848 from Yuan-Zhuo/drop-cgmr-option 
agent: Drop the Option for LinuxContainer.cgroup_manager
 2022-12-13 12:09:39 +08:00
Megan Wright
7c1b3f0b61 CCv0: Merge main into CCv0 branch 
Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #5854
Signed-off-by: Megan Wright <megan.wright@ibm.com>
 2022-12-07 11:15:50 +00:00
Yuan-Zhuo
7fdbbcda82 agent: Drop the Option for LinuxContainer.cgroup_manager 
Cgroup manager for a container will always be created.
Thus, dropping the option for LinuxContainer.cgroup_manager
is feasible and could simplify the code.

Fixes: #5778

Signed-off-by: Yuan-Zhuo <yuanzhuo0118@outlook.com>
 2022-12-07 13:40:38 +08:00
Fabiano Fidêncio
265347993d Merge pull request #5826 from GeorginaKin/CCv0 
CCv0: Merge main into CCv0 branch
 2022-12-06 16:29:02 +01:00
James Tumber
748f22e7d0 agent: remove sysinfo dependency 
Removes the redundant dependency `sysinfo`.

Fixes: #5843

Signed-off-by: James Tumber <james.tumber@ibm.com>
 2022-12-06 10:18:53 +00:00
Matthew Arnold
43c9b8fb5d agent: Fix s390x agent build 
Exclude the image-rs cosign feature when the build target
is the s390x architecture.

Change Cargo to use workspace resolver 2 so that conditional
include for the image-rs crate is resolved correctly for different
targets.

Update cargo lock.

Fixes: #5582

Signed-off-by: Matthew Arnold <mattarno@uk.ibm.com>
 2022-12-05 10:50:05 +00:00
stevenhorsman
578ee62da2 CCv0: Merge main into CCv0 branch 
Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #5824
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
 2022-12-02 16:15:39 +00:00
Bin Liu
9ccf2ebe8a agent: add signal value to log 
For signal_process call, log the signal value in logs.

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-12-02 14:53:58 +08:00
Fabiano Fidêncio
54e39dfcdf Merge pull request #5733 from Jordan9500/workdir-ccv0-fix 
CC | agent: Update the merge_oci_process function to change cwd
 2022-11-30 18:19:58 +01:00
Fabiano Fidêncio
94d0c3c97d Merge pull request #5767 from Megan-Wright/CCv0 
CC: Merge main into CCv0 branch
 2022-11-30 18:18:45 +01:00
Fabiano Fidêncio
e922c73f0c Merge pull request #5680 from stevenhorsman/authenticated-registry 
CC | agent: Add auth reg support to the agent
 2022-11-30 11:17:17 +01:00
Manabu Sugimoto
9354769286 agent: Add SELinux support for containers 
The kata-agent supports SELinux for containers inside the guest
to comply with the OCI runtime specification.

Fixes: #4812

Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
 2022-11-29 19:07:56 +09:00
Jordan Jackson
0264584935 agent: Update the merge_oci_process function to change cwd 
Change the if statement to check if the CWD is set to /
Add unit tests for the correct merging of working directory
in the container and image process

Note: there is an outstanding question about one test case
Format code

Fixes: #5721

Co-authored-by: stevenhorsman <steven@uk.ibm.com>
Signed-off-by: Jordan Jackson <jordan.jackson@ibm.com>
 2022-11-29 09:20:22 +00:00
Bin Liu
588f81a23c Merge pull request #5612 from openanolis/fix-iptables 
fix(agent): fix iptables binary path in guest
 2022-11-29 16:57:06 +08:00
GabyCT
013752667b Merge pull request #5776 from liubin/tmp/debug-static-check 
ci: let static checks don't depend on build
 2022-11-28 07:51:42 -06:00
Bin Liu
6af037d379 Merge pull request #5154 from Yuan-Zhuo/main 
agent: support systemd cgroup for kata agent.
 2022-11-28 18:40:10 +08:00
Bin Liu
e723bad0af ci: let static checks don't depend on build 
Build is a time consumable operation, skip build while let
ci run faster.

Fixes: #5777

Signed-off-by: Bin Liu <bin@hyper.sh>
 2022-11-28 15:26:04 +08:00
Jordan Jackson
5f2d81e490 agent: Update the merge_oci_process to properly manage the env variables 
Loop through the images enviroment variables, checking if it exists
inside the target. If it does then do not append it.
Add unit tests for correctly merging the env variables of the pod yaml
and image itself in the container and image process
Format code

Fixes: #5730

Signed-off-by: Jordan Jackson <jordan.jackson@ibm.com>
 2022-11-25 10:47:39 +00:00
Megan Wright
a8509821dd CCv0: Merge main into CCv0 branch 
Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #5743
Signed-off-by: Megan Wright <megan.wright@ibm.com>
 2022-11-25 09:55:44 +00:00
Ji-Xinyou
1d93a93468 fix(agent): fix iptables binary path in guest 
Some rootfs put iptables-save and iptables-restore
under /usr/sbin instead of /sbin. This pr checks both
and returns the one exist.

Fixes: #5608
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
 2022-11-25 11:57:34 +08:00