The version.rs file is now generated to contain up-to-date information
from the makefile, including git commit and the full binary path.
The makefile has also been modified to make it easier to add changes
in generated files based on makefile variables.
Fixes: #740
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Fix the bug where the version string generated by the `Makefile` was not
being passed to the agent, resulting in a "unknown" version.
Fixes: #725.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Until a container is deleted, agent should allow runtime to wait for
a process in parallel, as being supported by the go agent.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Same as containers, it is possible for an exec process to stop so
quickly that containerd may send a parallel Kill request. We should
just return success in such case.
Fixes: #716
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
The cgroup_parent path is expected to be absolute path,
add an '/' prefix to the passed cgroup_parent path to make
sure it's an absolute path.
Fixes: #336
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Sometimes runtime will fail in onlining CPU process,
because when the runtime calls to QMP
`device_add`, QEMU doesn't allocate all vCPUs inmediatelly.
Fixes: #665
Signed-off-by: bin liu <bin@hyper.sh>
The linux kernel feature RANDOMIZE_BASE improved the security and at
the same time increased the memory footprint of a kata container,
this feature was enabled in kata-containers/packaging#1006.
In order to mitigate this increase in memory consumption, we can
boot container using the uncompressed kernel.
Reduce boot time by ~5%
Reduce KSM memory footprint by ~14%
Reduce noKSM memory footprint by ~27%
fixes#669
Signed-off-by: Julio Montes <julio.montes@intel.com>
`rustjail::erros` was removed in a previous commit, hence some external crates
like `error_chain` are no longger required, update Cargo.toml and Cargo.lock
to reflect these changes.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Don't use `rustjail::errors` for error handling, since it's not
thread safe and there are better alternatives like `anyhow`.
`anyhow` attaches context to help the person troubleshooting
the error understand where things went wrong, for example:
Current error messages:
```
No such file or directory (os error 2)
```
With `anyhow`:
```
Error: Failed to read config.json
Caused by:
No such file or directory (os error 2)
```
fixes#641
Signed-off-by: Julio Montes <julio.montes@intel.com>
anyhow provides `anyhow::Error`, a trait object based error type for
easy idiomatic error handling in Rust applications
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use `.to_string` to wrap up `caps::errors::Error`s since they are not
thread safe, otherwise `cargo build` will fail with the following error:
```
doesn't satisfy `caps::errors::Error: std::marker::Sync`
```
Signed-off-by: Julio Montes <julio.montes@intel.com>
Return `anyhow::Result` from all the functions in this directory.
Add function `io_error_kind_eq` to compare an `anyhow::Error` with an
`io::Error`, this function downcast the `anyhow::Error`.
Signed-off-by: Julio Montes <julio.montes@intel.com>
anyhow provides `anyhow::Error`, a trait object based error type for
easy idiomatic error handling in Rust applications.
Signed-off-by: Julio Montes <julio.montes@intel.com>
I noticed the spelling mistake while reviewing another change and
doing a "grep" for "privilege" that turned up nothing.
Fixes: #671
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Currently, isPCIeDevice() attempts to determine if a (host) device is
PCI-Express capable by looking up its link speed via the PCI slots
information in sysfs. This is a) complicated and b) wrong. PCI-e
devices don't have to have slots information, so this frequently fails.
Instead determine if devices are PCI-e by checking for the presence of
PCIe extended configuration space by looking at the size of the "config"
file in sysfs.
Forward ported from 6bf93b23 in the Kata 1.x runtime repository.
Fixes: #611
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Add guide on how to pass a VFIO-AP device, such as Crypto Express cards
on IBM Z mainframes, to a Kata container. Like the documentation for
VFIO-PCI, this was put in the virtcontainers README.
Fixes: #658
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Recognise when a device to be hot-plugged is an IBM Adjunct Processor
(AP) device and execute VFIO AP hot-plug accordingly. Includes unittest
for recognising and uses CCW for addDeviceToBridge in hotplugVFIODevice
if appropriate.
Fixes: #491
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Co-authored-by: Julio Montes <julio.montes@intel.com>
Reviewed-by: Alice Frosi <afrosi@redhat.com>
Since we always build musl kata-agent, there is no need to build
it inside a musl container. We can just build on the host and then
copy the binary to the target rootfs.
There are still a lot to clean up and it should be made so for ALL
target distros instead of just alpine. But this is at least working
for alpine first.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Anyone can collaborate in the Kata Containers project, so instead of
adding her/his name and email to the Cargo.toml files, use
`The Kata Containers community` as name and
`kata-dev@lists.katacontainers.io` as email.
fixes#643
Signed-off-by: Julio Montes <julio.montes@intel.com>
For ephemeral storage handler, it should return an
empty string instead of the mount destination.
Fixes: #635
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
for s390x virtio devices
Add iommu_platform annotations for qemu for ccw,
other supported devices can also make use of that.
Fixes#603
Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
