`HookState` was removed from libcontainer, fortunately it was an alias for
`specs.State`, use `specs.State` instead.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Reimplement `setupSandboxCgroup` to support cgroupsV2 and systemd cgroups
using libcontainer instead of containerd/cgroups.
As an initial effort to support these cgroups, `sandbox_cgroup_only` must
be set to `true` in configuration file.
fixes#2350
Signed-off-by: Julio Montes <julio.montes@intel.com>
move `validCgroupPath` to `cgroups.go` since it's cgroups specific.
Now `validCgroupPath` supports systemd cgroup path and returns a cgroup path
ready to use, calls to `renameCgroupPath` are no longer needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
systemd paramenter is no longer needed since `isSystemdCgroup` function
can be used to know if the cgroup path is a systemd cgroup path.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add function to create a new cgroup manager depending on the cgroups path and
if the runtime is running rootless.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Add function to identify if the given cgroup path is a systemd
cgroup path.
We need to parse the cgroup path to know which cgroup manager we have to use,
since some container engines do not use `--systemd-cgroup` runtime option.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`CgroupPaths` is a map that saves the cgroup type and path that were used for
the sandbox to create the cgroups
`Cgroups` contains information about sandbox's cgroups and its constraints.
Both variables can be used to create a cgroup configuration needed to
manipulate cgroups in the host.
currently kata uses `containerd/cgroups` and `libcontainer` to create cgroups.
`CgroupPaths` will replace to `CgroupPath` once kata uses *only* `libcontainer`
Signed-off-by: Julio Montes <julio.montes@intel.com>
Keep old store restore functions for keeping backward compatibility, if
old store files are found from disk, restore them with old store first.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
Add two interfaces for fs storage driver for supporting global writing
and reading, which is used by ACRN.
Signed-off-by: Wei Zhang <weizhang555@gmail.com>
Fix VM template storage leak by adding delete operations, we need to
delete sandbox storage dirs when stop VM.
Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
Fixes#803
Move "newstore" features out of experimental feature list, from this
commit "newstore" will be default enabled.
Signed-off-by: Wei Zhang <weizhang555@gmail.com>
Otherwise we fail to run it with non-root user with errors like:
`mkdir /var/lib/vc/uuid: permission denied`
Fixes: #2370
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
To control whether an image rootfs is used as nvdimm device or just
plain virtio-block device.
Fixes: #2372
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Do not implement in each arch code. We should have a generic
implementation instead.
-. amd64 and arm64 uses nvdimm
-. ppc64le and s390x uses virtio-blk
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
In oderder to make unit testing simpler,
lets add an interface that could be mocked.
Let hypervisor have a instance of virtiofsd interface,
and this makes a loose dependency to allow mock testing.
With the inteface is possible to add startSandbox unit test:
- use utils.StartCmd to mock call to start hypervisor process.
- Add unit test for startSandbox.
Fixes: #2367
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Check if path is not empty this makes, this help
unit test know why the function failed.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
9p values are ignored by virtiofs, but this should be
not changed on validation to allow have unit test with
virtiofs config.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Add unit test for clh.
- Check endpoint has valid values for CH.
- Add unit tests
- Add force flag to ignore cleanup errors.
- Add unit tests.
- Fail if hypervisor ID is empty.
- Add createSandbox uni test
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Add interface with the same methods of client,
this will help to decouple the implementation
and help use to do mock testing.
Add Mock client and add bootVM unit test
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
When we used jailer to launch firecracker, kata container failed due
to the following causes:
1. new flag `--config-file` belongs to the jailed firecracker,
so, adhering to the `end of command options` convention, we need to
give `--config-file` a prefix `--`.
2. The path of the config file(`fcConfig.json`) should be also
relative to the jailed firecracker.
3. Since we do the configuration before func `fcInit` now, we also need
to bring `jailer check` ahead.
4. The config file should be umounted and cleaned up.
Fixes: #2362
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
- ip and mask are not needed anymore.
- fs queues are set by cloud-hypervisor.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Otherwise if we fail to stop it, container state is set as StateStopped.
And future force stop will just be ignored. Then when we force delete
the container, we are deleting it without actually cleaning up container
resources especially the host shared mounts, which would be removed by
agent cleanup code and we endup removing container volume contents
unexpectedly.
Fixes: #2345
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
