It would be undesirable to be given an annotation like "/dev/null".
Filter out bad annotation values.
Fixes: #1043
Suggested-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
`make test` depends mock hook in virtcontainers directory,
before test, install it first.
And also run test as normal user and root in GitHub actions.
Fixes: #1554
Signed-off-by: bin <bin@hyper.sh>
Some variable are initialized in the Makefile, but never used.
Removing them to clean up the Makefile.
Fixes: #1003
Signed-off-by: Julien Ropé <jrope@redhat.com>
If specified, sandbox_bind_mounts identifies host paths to be
mounted (ro) into the sandboxes shared path. This is only valid
if filesystem sharing is utilized.
The provided path(s) will be bindmounted (ro) into the shared fs directory on
the host, and thus mapped into the guest. If defaults are utilized,
these mounts should be available in the guest at
`/var/run/kata-containers/shared/containers/sandbox-mounts`
These will not be exposed to the container workloads, and are only
added for potential guest-services to consume (example: expose certs
into the guest that are available on the host).
Fixes: #1464
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
CGO_ENABLED=0 and -buildmode=pie are not compatible and may lead build failing in some OS.
Specify buildmode=exe to overwrite the value set in BUILDFLAGS
Fixes: #1343
Signed-off-by: bin <bin@hyper.sh>
Qemu config alredy use vanilla kernel build for virtiofs.
Lets make cosisntent the usage of kernel.
Depends-on: github.com/kata-containers/tests#3172
Fixes: #1302
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
On runtime/Makefile the value of DESTDIR is set to "/", unless one
pass that variable as an argument to `make`. This change will
allow its overwrite if DESTDIR is exported in the environment as
well.
Fixes#1182
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
- add a reference Dockerfile to tools
- update kata-monitor build to:
1) utilize the kata buildflags, which were dropped before
2) disable CGO, so we have option for building in alpine
From root of the repository, example build:
$ docker build -f tools/packaging/kata-monitor/Dockerfile -t kata-monitor .
Fixes: #1135
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
The build was setting a `FCVALIDPATHS` variable for firecracker, but
that was never being used. Conversely, the firecracker configuration
template was expecting a `FCVALIDHYPERVISORPATHS`, but that variable was
never being set.
Resolve by only setting the `FCVALIDHYPERVISORPATHS` variable to ensure
the generated firecracker config is valid once again.
Fixes: #1001.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Simplify definition of the `CLHVALIDHYPERVISORPATHS` build variable to
use the already defined `CLHPATH`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
In commit 966bd57 for PR #902, the makefile was changed to automate
the replacement of user variables. However, one variable was treated
specially in the original `sed` replacements, namely `RUNTIME_NAME`
which was replaced by `$(TARGET)`.
This commit adds the `RUNTIME_NAME` variable to the makefile in order
to ensure that the replacement works correctly.
Fixes: #993
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
For experimental-virtiofs, we use it to test virtiofs with DAX. Let's
rename its virtiofsd to virtiofsd-dax.
Depends-on: github.com/kata-containers/tests#2951
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We've been shipping it for a long time. It's time to make it default
replacing the old obsolet 9pfs.
Fixes: #935
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This was discovered while checking a massive change in variables.
The root cause for the error is a very long list of manual
replacements, that is best replaced with a $(foreach).
All individual variables in the output configuration files were
checked against the old build using diff.
This is a forward port of a makefile fix included in
PR https://github.com/kata-containers/runtime/issues/3004
for issue https://github.com/kata-containers/runtime/issues/2943Fixes: #901
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
The entries used to be things like PATH_LIST, which are too generic.
Replace them with more precise name with a distinguishing keyword,
namely VALID. For example valid_hypervisor_paths.
Fixes: #901
Suggested-by: James O.D. Hunt <james.o.hunt@intel.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Add a field "enable_annotations" to the runtime configuration that can
be used to whitelist annotations using a list of regular expressions,
which are used to match any part of the base annotation name, i.e. the
part after "io.katacontainers.config.hypervisor."
For example, the following configuraiton will match "virtio_fs_daemon",
"initrd" and "jailer_path", but not "path" nor "firmware":
enable_annotations = [ "virtio.*", "initrd", "_path" ]
The default is an empty list of enabled annotations, which disables
annotations entirely.
If an anontation is rejected, the message is something like:
annotation io.katacontainers.config.hypervisor.virtio_fs_daemon is not enabled
Fixes: #901
Suggested-by: Peng Tao <tao.peng@linux.alibaba.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Add variables to override defaults at build time for the various lists
used to control path annotations.
Fixes: #901
Suggested-by: Fabiano Fidencio <fidencio@redhat.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Dave Gilbert brough up that passing --thread-pool-size=1 to virtiofsd
may result in a performance improvement especially when using
`cache=none`. While our current default is `cache=auto`, Dave mentioned
that he seems no harm in having it set and he also mentiond that it may
use a lot less stack space on aarch/arm.
Fixes: #943
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
virtiofs DAX support is not stable today, there are
a few corner cases to make it default.
Fixes: #862Fixes: #875
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Update `kata-check` to see if there is a newer version available for
download. Useful for users installing static packages (without a package
manager).
Fixes: #734.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The linux kernel feature RANDOMIZE_BASE improved the security and at
the same time increased the memory footprint of a kata container,
this feature was enabled in kata-containers/packaging#1006.
In order to mitigate this increase in memory consumption, we can
boot container using the uncompressed kernel.
Reduce boot time by ~5%
Reduce KSM memory footprint by ~14%
Reduce noKSM memory footprint by ~27%
fixes#669
Signed-off-by: Julio Montes <julio.montes@intel.com>
With kata containers moving to 2.0, (hybrid-)vsock will be the only
way to directly communicate between host and agent.
And kata-proxy as additional component to handle the multiplexing on
serial port is also no longer needed.
Cleaning up related unit tests, and also add another mock socket type
`MockHybridVSock` to deal with ttrpc-based hybrid-vsock mock server.
Fixes: #389
Signed-off-by: Penny Zheng penny.zheng@arm.com
[ port from runtime commit 4645d3e6ef2e99dae1f2b3a7bfded6fc304d3023 ]
Today for virtiofsd kata sets by default `cache=always`. This option is
useful for performance but if the shared files are modified from the
host changes are not updated in the guest as virtiofsd uses cached value
all time.
This patch changes to `cache=auto` to fix consistency issues. The option
can still be set to always if it is wanted by the user.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit e5a3211c74e20e9878fd0f5d1c80a3c4354eabd1 ]
Today some options for virtiofsd could improve compatibility
for example xattrs for dnf or cache=auto for file consistency
for changes in the host. Allow users can enabled as requiered.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit 41a06d4961f51af4ec4799aaee202c744584f31e ]
The user sometimes doesn't care about pmu usage(e.g. perf tool profiling).
But pmu will cost significant overhead on boot time and virtualization
context switch. E.g. on arm64, if guest pmu is enabled, kvm should save
and restore all PMU registers when guest/host switching.
for dmesg comparision:
Before:
[ 0.007620] bus: 'platform': driver_probe_device: matched device pmu with driver armv8-pmu
[ 0.007622] bus: 'platform': really_probe: probing driver armv8-pmu with device pmu
[ 0.036282] hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available
[ 0.036285] driver: 'armv8-pmu': driver_bound: bound to device 'pmu'
[ 0.036295] bus: 'platform': really_probe: bound device pmu to driver armv8-pmu
After:
[ 0.007935] bus: 'platform': driver_probe_device: matched device alarmtimer with driver alarmtimer
[ 0.007937] bus: 'platform': really_probe: probing driver alarmtimer with device alarmtimer
[ 0.007940] driver: 'alarmtimer': driver_bound: bound to device 'alarmtimer'
[ 0.007944] bus: 'platform': really_probe: bound device alarmtimer to driver alarmtimer
Because s390 doest support "pmu=off", keep the default CPUFEATURES to be ""
instead of "pmu=off".
Signed-off-by: Jia He <justin.he@arm.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
All components should support a `--version` option to allow clear
identification of the version of the component being used.
Note that the build changes are required to allow the shim binary to
access the golang code generated by the build (such as the `version`
variable).
Fixes: #307.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
