rootless execution does not yet support cgroups, so if running
rootlessly skip the cgroup creation and deletion.
Fixes: 1877
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Modify some path variables to be functions that return the path
with the rootless directory prefix if running rootlessly.
Fixes: #1827
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Do not add the "nvdimm" machine option to QEMU when the config specifies
a initrd file.
For arm64, this allows using a vanilla QEMU, where "virt" machine does
not support the "nvdimm" option.
Fixes: #2088
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
When 'debug' is enabled, qemu's debug info is output
into qemu's log file. When lauching qemu failed, it's
better to log these debug info and return it directly
for debugging.
Fixes:#2042
Signed-off-by: lifupan <lifupan@gmail.com>
Kata support several hypervisor and not all hypervisor support the
same type of sockets, for example QEMU support vsock and unix sockets, while
firecracker only support hybrid vsocks, hence sockets generations should be
hypervisor specific
fixes#2027
Signed-off-by: Julio Montes <julio.montes@intel.com>
Rename kataVSOCK to VSock and move it into the types package, this way it can
be accessible by other subpackages. This change is required because in next
commits the socket address and type (socket, vsock, hybrid vsock) will be
hypervisor specific.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Currently only firecracker supports hybrid vsocks, change the implementation
to use hybrid vsocks in firecracker.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add logger to the http transport to log the requests that the runtime writes
in the firecracker's socket. Enable debug it's enabled.
Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit enables the `share-rw` flag for the image file in s390x.
This enables multiple instances of qemu to share the same image.
Fixes: #2049
Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>
Fixes: #2023
We can get OCI spec config from bundle instead of annotations, so this
field isn't necessary.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
Add appendImage function to struct qemuS390x, so that a call of
appendImage results in a call to the appendBlockDevice function of
qemuS390x instead of qemuArchBase.
Fixes: #2043
Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>
Rename function appendVSockPCI to appendVSock to be general. The
function could use PCI or CCW devices.
Added return error to appendVSock.
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Fixes: #2023
CompatOCISpec is used to gurantee backward compatbility for old runtime
specs, after we convert CompatOCISpec to standard specs.Spec, we should
use specs.Spec instead of CompatOCISpec, and CompatOCISpec should be
useless from then.
Spread usage of CompatOCISpec can make code structure confusing and making
the runtime spec usage non-standard. Besides, this can be the very first
step of removing CompatOCISpec from config's Annotations field.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
With MacVTap internetworking, Kata fails to launch containers
with ACRN hypervisor. This was due to missing MAC address as
part of virtio-net device when launching VM. This patch fixes
this issue by adding the MAC address.
Fixes: #2029
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
If ociMounts has DNS file /etc/resolv.conf present,
then pass the dns as part of CreateSandboxRequest to
the agent.
Depends-on: github.com/kata-containers/agent#625
Fixes: #1603
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Create generic function to be reused to the reimplemented methods by
various architectures
Fixes: #1153
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Reviewed-by: Jan Schintag <jan.schintag@de.ibm.com>
In this way it is possible to set bridge variable for each arch when
instantiating the hypervisor.
Fixes: #1153
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Co-authored-by: Jan Schintag <jan.schintag@de.ibm.com>
Casting in golang doesn't return a pointer to the structure, instead a new
structure is instantiated. This patch is to update the old structure with
the new one in order to apply the changes.
fixes#2016
Signed-off-by: Julio Montes <julio.montes@intel.com>
The container store should be deleted when new/create is failed if the
store is newly created.
Fixes: #2013
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
