Create a raw file and bind mount it to use it as disk is not needed,
instead a the raw file can be created at the jail path and use it directly
as disk, if a new container is added the real disk/device can be bind mounted
in the raw file.
Signed-off-by: Julio Montes <julio.montes@intel.com>
move device operations to a more generic place where they can be used
in any hypervisor implementation.
Signed-off-by: Julio Montes <julio.montes@intel.com>
The tuntap network device is for tuntap interfaces to connect
to the container. A specific use case is the slirp4netns tap
interface for rootless kata-runtime.
Fixes: #1878
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
rootless execution does not yet support cgroups, so if running
rootlessly skip the cgroup creation and deletion.
Fixes: 1877
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Modify some path variables to be functions that return the path
with the rootless directory prefix if running rootlessly.
Fixes: #1827
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
Do not add the "nvdimm" machine option to QEMU when the config specifies
a initrd file.
For arm64, this allows using a vanilla QEMU, where "virt" machine does
not support the "nvdimm" option.
Fixes: #2088
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
When 'debug' is enabled, qemu's debug info is output
into qemu's log file. When lauching qemu failed, it's
better to log these debug info and return it directly
for debugging.
Fixes:#2042
Signed-off-by: lifupan <lifupan@gmail.com>
Kata support several hypervisor and not all hypervisor support the
same type of sockets, for example QEMU support vsock and unix sockets, while
firecracker only support hybrid vsocks, hence sockets generations should be
hypervisor specific
fixes#2027
Signed-off-by: Julio Montes <julio.montes@intel.com>
Rename kataVSOCK to VSock and move it into the types package, this way it can
be accessible by other subpackages. This change is required because in next
commits the socket address and type (socket, vsock, hybrid vsock) will be
hypervisor specific.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Currently only firecracker supports hybrid vsocks, change the implementation
to use hybrid vsocks in firecracker.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add logger to the http transport to log the requests that the runtime writes
in the firecracker's socket. Enable debug it's enabled.
Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit enables the `share-rw` flag for the image file in s390x.
This enables multiple instances of qemu to share the same image.
Fixes: #2049
Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>
Fixes: #2023
We can get OCI spec config from bundle instead of annotations, so this
field isn't necessary.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
Add appendImage function to struct qemuS390x, so that a call of
appendImage results in a call to the appendBlockDevice function of
qemuS390x instead of qemuArchBase.
Fixes: #2043
Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>
Rename function appendVSockPCI to appendVSock to be general. The
function could use PCI or CCW devices.
Added return error to appendVSock.
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Fixes: #2023
CompatOCISpec is used to gurantee backward compatbility for old runtime
specs, after we convert CompatOCISpec to standard specs.Spec, we should
use specs.Spec instead of CompatOCISpec, and CompatOCISpec should be
useless from then.
Spread usage of CompatOCISpec can make code structure confusing and making
the runtime spec usage non-standard. Besides, this can be the very first
step of removing CompatOCISpec from config's Annotations field.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
With MacVTap internetworking, Kata fails to launch containers
with ACRN hypervisor. This was due to missing MAC address as
part of virtio-net device when launching VM. This patch fixes
this issue by adding the MAC address.
Fixes: #2029
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
If ociMounts has DNS file /etc/resolv.conf present,
then pass the dns as part of CreateSandboxRequest to
the agent.
Depends-on: github.com/kata-containers/agent#625
Fixes: #1603
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Create generic function to be reused to the reimplemented methods by
various architectures
Fixes: #1153
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Reviewed-by: Jan Schintag <jan.schintag@de.ibm.com>
In this way it is possible to set bridge variable for each arch when
instantiating the hypervisor.
Fixes: #1153
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Co-authored-by: Jan Schintag <jan.schintag@de.ibm.com>
