Return SingularPtrField::none() instead of panic when getting stats
from cgroup failed caused by cgroup controller missing.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Fixes: #1224
35ecd6f (origin/change-name, change-name) Update readme
eb6577e Change package name to cgroups-rs
8f6a7e0 Merge pull request #19 from Tim-Zhang/0.2.0
9baa065 (origin/0.2.0, 0.2.0) release: v0.2.0
e160df0 Make read_i64_from private and merge read_str_from to its caller
e1e05d3 Make new_with_relative_paths=new and load_with_relative_paths=new in v2
a89f4a0 Support set notify_on_release & release_agent
61a0957 Fix set_swappiness in cgroup v2
0592045 Ignore kmem in cgroup v2
c254fff Update readme
438d774 Fix test
42ee1ba Make Cgroup can be stored in struct
b6bb5ae docs: Hide Re-exports
d2882b1 Print cause when println!("{}")
abcb5ed Add more logs for create_dir error in controller.create
1f188be Detect subsystems and get root from /proc/self/mountinfo
fbd7164 Fix warnings in tests
f342254 Remove Box wrap of Cgroup.hire
cd998f3 Do not place cgroup under relative path read from cgroup by default
1ac76b6 Make function find_v1_mount pub
121f78d Expose deletion error
0f76570 Avoid exception caused by cgroup writeback feature
10650e2 Update tests to adapt new type of fields in resource
567cdb4 Use Option as resource fields, remove the update switch: update_values
0c18b08 Support customized attributes for CpuController and MemController
ca610bb add add_task_by_tgid
Signed-off-by: Tim Zhang <tim@hyper.sh>
get_bool_value() in src/agent/src/config.rs includes a Result::or_else()
call with a trivial closure which can be replaced by a Result::or. This
removes a clippy warning.
fixes#1201
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The first incompatible issue is caused by a typo, "swapiness" should
be "swappiness". The second incompatible issue is caused by a serde
format. The struct LinuxBlockIODevice is introduced for convenience,
but it also changes serialized data, so "#[serde(flatten)]" should
be used for compatibility with OCI spec.
Fixes: #1211
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
When receiving an OnlineCpuMemory RPC, if the number of CPUs to be
made available is 0, then updating the cpusets is a redundant operation.
Fixes: #1172
Signed-off-by: Maruth Goyal <maruthgoyal@gmail.com>
If the upcast from resultingRoutes to *grpc.IRoutes fails, we return
(nil, err), but previous code ensures that err is nil at that point, so we
return no error.
fixes#1206
Forward port of
0ffaeeb5d8
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
If the upcast from resultingInterfaces to *grpc.Interfaces fails, we
return (nil, err), but previous code ensures that err is nil at that
point, so we return no error.
Forward port of
b86e904c2dfixes#1206
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
oci.proto imports "google/protobuf/wrappers.proto", but doesn't appear to
use it, which causes a warning from protoc when we compile it. Remove the
import to fix the warning.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The generate_go_sources() function in update-generate-proto.sh adds a
number of include directives to the protoc command line. Some of these
don't appear to be necessary to correctly compile the agent's protocol
files, so remove them.
Amongst other things were directives pointing at the old Kata1 runtime and
agent repositories. Those ones could be actively harmful by causing odd
dependencies of the Kata2 build on the Kata1 repositories.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
src/agent/protocols/hack/update-generated-proto.sh checks for the presence
of protoc-gen-rust and ttrpc_rust_plugin, but it doesn't actually need
them. Those tools are needed to generate Rust code from the gRPC proto
files, but that's already handled in src/agent/protocols/build.rs using
Cargo for dependency management.
This script is only needed for the Go code, for which the other tools are
sufficient.
fixes#1198
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This PR wraps fd raw descriptor with File, so it'll be properly closed once exited.
Fixes: #1192
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
On runtime/Makefile the value of DESTDIR is set to "/", unless one
pass that variable as an argument to `make`. This change will
allow its overwrite if DESTDIR is exported in the environment as
well.
Fixes#1182
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This is the Rust porting of https://github.com/kata-containers/agent/pull/371
`read_stdout`/`read_stderr` is blocking rpc calls, if exec process
exited, these calls is on blocking state for reading on process's
term master fd, and can't get a chance to break the wait.
In this PR, `read_stdout`/`read_stderr` will not read directly from
a term master of a process, instead, it will first have to get
an fd to read from newly added `epoller.poll()`. `epoller.poll()` may returns:
- the term master fd of exec process, if the process is running.
- a fd(piped fd) will return EOF when reading to indicate that th process is exited.
Fixes: #1160
Signed-off-by: bin liu <bin@hyper.sh>
Sometimes shim process cannot be shutdown because of container list
is not empty. This container list is written in shim service, while
creating container. We find that if containerd cancel its Create
Container Request due to timeout, but runtime didn't handle it properly
and continue creating action, then this container cannot be deleted at
all. So we should make sure the ctx passed to Create Service rpc call
is effective.
Fixes#1088
Signed-off-by: Yves Chan <shanks.cyp@gmail.com>
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
After cpu hot-plugged is available, cpuset for containers will be written into
cgroup files recursively, the paths should include container's cgroup path, and up
to root path of cgroup filesystem.
Fixes: #1156, #1159
Signed-off-by: bin liu <bin@hyper.sh>
The result of `cpuset_controller.set_cpus(&cpu.cpus)` is unwrapped,
this will lead creating container to fail if cpuset is set.
The sandbox's `CreateContainer` sequence is:
c, err := newContainer(s, &contConfig)
err = c.create()
c.sandbox.agent.createContainer(c.sandbox, c) (1)
err = s.updateResources()
oldCPUs, newCPUs, err := s.hypervisor.resizeVCPUs(sandboxVCPUs) (2)
cpuset only avaiable after `s.hypervisor.resizeVCPUs` has been called at (2),
and then cpuset is written to cgourps file.
Fixes: #1159
Signed-off-by: bin liu <bin@hyper.sh>
We should always cleanup the vm directory when doing `stopSandbox`,
while we are skipping the cleanup process on some error code paths when
using cloud-hypervisor driver.
Fixes: #1098
Signed-off-by: Bo Chen <chen.bo@intel.com>
Otherwise `make install` run from the top directory would just fail as
the target is not defined.
Fixes: #1149
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Before loading a module, the check subcommand should check if the
current user can load it.
fixes#3085
Signed-off-by: Julio Montes <julio.montes@intel.com>
Don't fail if rate limit is exceeded since this is a
limitation/restriction of Github not a problem in the host.
Print a warning when the rate limit is exceeded.
For more information about Github's rate limit, see
https://developer.github.com/v3/#rate-limiting
Signed-off-by: Julio Montes <julio.montes@intel.com>
The main process do unshare pid namespace, the process
couldn't spawn new thread, in order to avoid this issue,
fork a new child process and do the pid namespace unshare
in the new temporary process.
Fixes: #1140
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Since kata containers shared the network ns with
the guest system, thus there's no need to do the
network ns check.
Fixes: #1047
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In first shim v2 startup(with `start` command-line option), it will start
the second shim v2 process running as ttrpc server, there is no needs to
wait the second process, because the current shim v2 process will exit immediately.
Fixes: #1127
Signed-off-by: bin liu <bin@hyper.sh>
In PR 1079, CleanupContainer's parameter of sandboxID is changed to VCSandbox, but at cleanup,
there is no VCSandbox is constructed, we should load it from disk by loadSandboxConfig() in
persist.go. This commit reverts parts of #1079Fixes: #1119
Signed-off-by: bin liu <bin@hyper.sh>
Split some of the core hypervisor details out of the virtualisation
document and present in a simpler fashion for new users.
Fixes: #1063.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Under stress, the agent can be OOM-killed, which exists the sandbox.
One possible hard-to-diagnose manifestation is a virtiofsd crash.
Fixes: #1111
Reported-by: Qian Cai <caiqian@redhat.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
