In src/runtime-rs/crates/hypervisor/src/device/vfio.rs,
the path of new_id is defined as a const, but unbind is used
as a local variable, they should be unified to const.
Fixes: #5189
Signed-off-by: Bin Liu <bin@hyper.sh>
Some device types have the same definition, they can be implemented
by macro to reduce code.
And this commit also deleted the `peer_name` field of the structs that
is never been used.
Fixes: #5170
Signed-off-by: Bin Liu <bin@hyper.sh>
Let client side support timeout if the timeout value is set.
If timeout not set, execute directly.
Fixes: #5114
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
Add client side function(public), to establish http connections (PUT,
POST, GET) to the long standing shim mgmt server.
Fixes: #5114
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
Add agent-url to its handler. The general framework of registering URL
handlers is done.
Fixes: #5114
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
Add shim management http server and boot it as a light-weight thread
when the sandbox is created.
Fixes: #5114
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
period should have a type of u64, and quota should be i64, the
function of getting CPU period and quota from annotations should
use the same data type as function return type.
Fixes: #5100
Signed-off-by: Bin Liu <bin@hyper.sh>
In some case the call of cleanup from shim to service manager will fail,
and the shim process will continue to running, that will make process leak.
This commit will force shutdown the shim process in case of any errors in
service crate.
Fixes: #5087
Signed-off-by: Bin Liu <bin@hyper.sh>
amend_spec do two works:
- modify the spec
- check if the pid namespace is enabled
This make it confusable. So split it into two functions.
Fixes: #5062
Signed-off-by: Bin Liu <bin@hyper.sh>
One of the checks done by cargo-deny is ensuring all crates have a valid
license. As the rust programs import each other, cargo.toml files
without licenses trigger the check. While I could disable this check
this would be bad practice.
This adds an Apache-2.0 license in the Cargo.toml files.
Some of these files already had a header comment saying it is an Apache
license. As the entire project itself is under an Apache-2.0 license, I
assumed all individual components would also be covered under that
license.
Signed-off-by: Derek Lee <derlee@redhat.com>
Users can specify the kernel module to be loaded through the agent
configuration in kata configuration file or in pod anotation file.
And information of those modules will be sent to kata agent when
sandbox is created.
Fixes: #4894
Signed-off-by: Yushuo <y-shuo@linux.alibaba.com>
So that we bump several indirect dependencies like crossbeam-channel,
crossbeam-utils to bring in fixes to known security issues like CVE-2020-15254.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
vergen is a build dependency, but it is not being used.
we are processing ver/commit hash by make command, but not by vergen.
Fixes: #4920
Signed-off-by: Bin Liu <bin@hyper.sh>
As route model is used for specific internal scenario, and it's not for
the general requirement.
Fixes:#4838
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
Linux 5.14 supports core scheduling to have better security control
for SMT siblings. This PR supports that.
Fixes: #4429
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
