diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile
index eee60818a..09ba3bc38 100644
--- a/src/runtime-rs/Makefile
+++ b/src/runtime-rs/Makefile
@@ -73,11 +73,15 @@ LIBEXECDIR := $(PREFIXDEPS)/libexec
 SHAREDIR := $(PREFIX)/share
 DEFAULTSDIR := $(SHAREDIR)/defaults
 CLHBINDIR := $(PREFIXDEPS)/bin
+QEMUBINDIR := $(PREFIXDEPS)/bin
 PROJECT_DIR = $(PROJECT_TAG)
 IMAGENAME = $(PROJECT_TAG).img
+INITRDNAME = $(PROJECT_TAG)-initrd.img
 TARGET = $(PROJECT_COMPONENT)
 SYSCONFDIR := /etc
+LOCALSTATEDIR := /var
 CONFIG_FILE = configuration.toml
+RUNTIMENAME := virt_container
 HYPERVISOR_DB = dragonball
 HYPERVISOR_ACRN = acrn
 HYPERVISOR_FC = firecracker
@@ -95,8 +99,10 @@ CLHVALIDHYPERVISORPATHS := [\"$(CLHPATH)\"]
 DBVALIDHYPERVISORPATHS := []
 PKGDATADIR := $(PREFIXDEPS)/share/$(PROJECT_DIR)
+PKGRUNDIR := $(LOCALSTATEDIR)/run/$(PROJECT_DIR)
 KERNELDIR := $(PKGDATADIR)
 IMAGEPATH := $(PKGDATADIR)/$(IMAGENAME)
+INITRDPATH := $(PKGDATADIR)/$(INITRDNAME)
 ROOTFSTYPE_EXT4 := \"ext4\"
 ROOTFSTYPE_XFS := \"xfs\"
@@ -135,11 +141,7 @@ DEFENTROPYSOURCE := /dev/urandom
 DEFVALIDENTROPYSOURCES := [\"/dev/urandom\",\"/dev/random\",\"\"]
 DEFDISABLEBLOCK := false
 DEFSHAREDFS_CLH_VIRTIOFS := virtio-fs
-DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs
-DEFVIRTIOFSDAEMON := $(LIBEXECDIR)/kata-qemu/virtiofsd
-ifeq ($(ARCH),x86_64)
 DEFVIRTIOFSDAEMON := $(LIBEXECDIR)/virtiofsd
-endif
 DEFVALIDVIRTIOFSDAEMONPATHS := [\"$(DEFVIRTIOFSDAEMON)\"]
 ##VAR DEFVIRTIOFSCACHESIZE= Default DAX mapping cache size in MiB
 # if value is 0, DAX is not enabled
@@ -176,7 +178,6 @@ MONITOR_OUTPUT = $(CURDIR)/$(MONITOR)
 MONITOR_DIR = $(CLI_DIR)/kata-monitor
 SOURCES := $(shell find . 2>&1 | grep -E '.*\.(c|h|go)$$')
 VERSION := ${shell cat ./VERSION}
-KERNELPARAMS := ""
 # List of configuration files to build and install
 CONFIGS = 
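Review bot: `PKGRUNDIR := $(LOCALSTATEDIR)/run/$(PROJECT_DIR)` in the hunk at -95 is introduced but nothing in this diff references it or adds it to USER_VARS, unlike the sibling `INITRDPATH` two lines below; if it is meant to be substituted into a template or overridden by packagers it needs `USER_VARS += PKGRUNDIR`, and if nothing consumes it yet it should be dropped until something does. Since `LOCALSTATEDIR := /var` from the hunk at -73 makes this resolve to `/var/run/...`, and `/var/run` is a legacy location that is typically a symlink to `/run`, it is also worth a one-line comment stating which runtime state directory is intended and why.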
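Review bot: Dropping the `ifeq ($(ARCH),x86_64)` guard in the hunk at -135 changes the default virtiofsd location for every non-x86_64 build from `$(LIBEXECDIR)/kata-qemu/virtiofsd` to `$(LIBEXECDIR)/virtiofsd`, and because `DEFVALIDVIRTIOFSDAEMONPATHS` on the next line is derived from `DEFVIRTIOFSDAEMON`, it also changes the allow-list of daemon binaries the runtime will accept on those architectures; the diff does not show whether packaging for other architectures installs the daemon there, so a comment such as `# virtiofsd lives at the same libexec path on every architecture; this value also seeds the valid-path allow-list below` would make the unification deliberate. In the same hunk `DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs` is removed from the top level and only re-appears inside the `ifneq (,$(QEMUCMD))` block of the hunk at -245, while `USER_VARS += DEFSHAREDFS_QEMU_VIRTIOFS` in the hunk at -300 stays unconditional, so a build without QEMUCMD lists a user variable that is never defined (a warning under --warn-undefined-variables, and presumably an empty substitution if any template still references it). Keeping a top-level default, `DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs`, or moving the USER_VARS entry into the qemu block would close that gap.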
@@ -245,14 +246,58 @@ ifneq (,$(CLHCMD))
 VMROOTFSDRIVER_CLH := virtio-pmem
 endif
+ifneq (,$(QEMUCMD))
+ KNOWN_HYPERVISORS += $(HYPERVISOR_QEMU)
+
+ CONFIG_FILE_QEMU = configuration-qemu.toml
+ CONFIG_QEMU = config/$(CONFIG_FILE_QEMU)
+ CONFIG_QEMU_IN = $(CONFIG_QEMU).in
+
+ QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
+ QEMUVALIDHYPERVISORPATHS := [\"$(QEMUPATH)\"]
+
+ CONFIG_PATH_QEMU = $(abspath $(CONFDIR)/$(CONFIG_FILE_QEMU))
+ CONFIG_PATHS += $(CONFIG_PATH_QEMU)
+
+ SYSCONFIG_QEMU = $(abspath $(SYSCONFDIR)/$(CONFIG_FILE_QEMU))
+ SYSCONFIG_PATHS += $(SYSCONFIG_QEMU)
+
+ CONFIGS += $(CONFIG_QEMU)
+
+ KERNELTYPE_QEMU = uncompressed
+ KERNEL_NAME_QEMU = $(call MAKE_KERNEL_NAME,$(KERNELTYPE_QEMU))
+ KERNELPATH_QEMU = $(KERNELDIR)/$(KERNEL_NAME_QEMU)
+
+ # overriding options
+ DEFSTATICRESOURCEMGMT = true
+
+ # qemu-specific options
+ DEFSANDBOXCGROUPONLY_QEMU := false
+ VMROOTFSDRIVER_QEMU := virtio-pmem
+ DEFVCPUS_QEMU := 1
+ DEFMAXVCPUS_QEMU := 0
+ DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs
+ DEFBLOCKSTORAGEDRIVER_QEMU := virtio-scsi
+ DEFBLOCKDEVICEAIO_QEMU := io_uring
+ DEFNETWORKMODEL_QEMU := tcfilter
+ DEFDISABLEGUESTSELINUX := true
+ DEFSECCOMPSANDBOXPARAM := on,obsolete=deny,spawn=deny,resourcecontrol=deny
+ DEFGUESTSELINUXLABEL := system_u:system_r:container_t
+endif
+
 ifeq ($(DEFAULT_HYPERVISOR),$(HYPERVISOR_DB))
 DEFAULT_HYPERVISOR_CONFIG = $(CONFIG_FILE_DB)
 endif
+
+ifeq ($(DEFAULT_HYPERVISOR),$(HYPERVISOR_QEMU))
+ DEFAULT_HYPERVISOR_CONFIG = $(CONFIG_FILE_QEMU)
+endif
 # list of variables the user may wish to override
 USER_VARS += ARCH
 USER_VARS += BINDIR
 USER_VARS += CONFIG_DB_IN
 USER_VARS += CONFIG_PATH
+USER_VARS += CONFIG_QEMU_IN
 USER_VARS += DESTDIR
 USER_VARS += DEFAULT_HYPERVISOR
 USER_VARS += DBCMD
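Review bot: `DEFSTATICRESOURCEMGMT = true` under `# overriding options` assigns the hypervisor-independent default from inside `ifneq (,$(QEMUCMD))`, so whether QEMUCMD happens to be set at build time silently changes the static resource management default for every other generated config that substitutes it (presumably the cloud-hypervisor template, since a `DEFSTATICRESOURCEMGMT_DB` variant already exists in the USER_VARS list of the hunk at -334), and unlike its neighbours it uses `=` rather than `:=`. Every other qemu default in this block carries a `_QEMU` suffix (`DEFSANDBOXCGROUPONLY_QEMU`, `DEFVCPUS_QEMU`, …), so the consistent form is `DEFSTATICRESOURCEMGMT_QEMU := true` with the qemu template switched to `@DEFSTATICRESOURCEMGMT_QEMU@` and a matching `USER_VARS += DEFSTATICRESOURCEMGMT_QEMU`. The same un-suffixed scoping applies to `DEFDISABLEGUESTSELINUX`, `DEFSECCOMPSANDBOXPARAM` and `DEFGUESTSELINUXLABEL`, which are defined only here yet added unconditionally to USER_VARS in the hunks at -300 and -325; if only the qemu template reads them, a comment saying so on the `# qemu-specific options` line would make the intent explicit, and since `DEFSECCOMPSANDBOXPARAM` is the seccomp policy applied to the hypervisor process, documenting that it is a hardening default packagers should not weaken is worth the extra line.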
@@ -263,19 +308,23 @@ USER_VARS += DBCTLPATH
 USER_VARS += DBVALIDCTLPATHS
 USER_VARS += CLHPATH
 USER_VARS += CLHVALIDHYPERVISORPATHS
+USER_VARS += QEMUPATH
+USER_VARS += QEMUVALIDHYPERVISORPATHS
 USER_VARS += FIRMWAREPATH_CLH
 USER_VARS += KERNELPATH_CLH
 USER_VARS += SYSCONFIG
 USER_VARS += IMAGENAME
 USER_VARS += IMAGEPATH
+USER_VARS += INITRDPATH
 USER_VARS += DEFROOTFSTYPE
 USER_VARS += VMROOTFSDRIVER_DB
 USER_VARS += VMROOTFSDRIVER_CLH
+USER_VARS += VMROOTFSDRIVER_QEMU
 USER_VARS += MACHINETYPE
 USER_VARS += KERNELDIR
 USER_VARS += KERNELTYPE
 USER_VARS += KERNELPATH_DB
-USER_VARS += KERNELPATH
+USER_VARS += KERNELPATH_QEMU
 USER_VARS += KERNELVIRTIOFSPATH
 USER_VARS += FIRMWAREPATH
 USER_VARS += FIRMWAREVOLUMEPATH
@@ -300,21 +349,27 @@ USER_VARS += RUNTIME_NAME
 USER_VARS += SHAREDIR
 USER_VARS += SYSCONFDIR
 USER_VARS += DEFVCPUS
+USER_VARS += DEFVCPUS_QEMU
 USER_VARS += DEFMAXVCPUS
 USER_VARS += DEFMAXVCPUS_ACRN
 USER_VARS += DEFMAXVCPUS_DB
+USER_VARS += DEFMAXVCPUS_QEMU
 USER_VARS += DEFMEMSZ
 USER_VARS += DEFMEMSLOTS
 USER_VARS += DEFMAXMEMSZ
 USER_VARS += DEFBRIDGES
 USER_VARS += DEFNETWORKMODEL_DB
 USER_VARS += DEFNETWORKMODEL_CLH
+USER_VARS += DEFNETWORKMODEL_QEMU
 USER_VARS += DEFDISABLEGUESTEMPTYDIR
 USER_VARS += DEFDISABLEGUESTSECCOMP
 USER_VARS += DEFDISABLESELINUX
+USER_VARS += DEFDISABLEGUESTSELINUX
 USER_VARS += DEFAULTEXPFEATURES
 USER_VARS += DEFDISABLEBLOCK
 USER_VARS += DEFBLOCKSTORAGEDRIVER_DB
+USER_VARS += DEFBLOCKSTORAGEDRIVER_QEMU
+USER_VARS += DEFBLOCKDEVICEAIO_QEMU
 USER_VARS += DEFSHAREDFS_CLH_VIRTIOFS
 USER_VARS += DEFSHAREDFS_QEMU_VIRTIOFS
 USER_VARS += DEFVIRTIOFSDAEMON
@@ -325,6 +380,8 @@ USER_VARS += DEFVIRTIOFSQUEUESIZE
 USER_VARS += DEFVIRTIOFSEXTRAARGS
 USER_VARS += DEFENABLEANNOTATIONS
 USER_VARS += DEFENABLEIOTHREADS
+USER_VARS += DEFSECCOMPSANDBOXPARAM
+USER_VARS += DEFGUESTSELINUXLABEL
 USER_VARS += DEFENABLEVHOSTUSERSTORE
 USER_VARS += DEFVHOSTUSERSTOREPATH
 USER_VARS += DEFVALIDVHOSTUSERSTOREPATHS
@@ -334,6 +391,7 @@ USER_VARS += DEFMSIZE9P
 USER_VARS += DEFENTROPYSOURCE
 USER_VARS += DEFVALIDENTROPYSOURCES
 USER_VARS += DEFSANDBOXCGROUPONLY
+USER_VARS += DEFSANDBOXCGROUPONLY_QEMU
 USER_VARS += DEFSTATICRESOURCEMGMT
 USER_VARS += DEFSTATICRESOURCEMGMT_DB
 USER_VARS += DEFBINDMOUNTS
@@ -342,6 +400,7 @@ USER_VARS += BUILDFLAGS
 USER_VARS += RUNTIMENAME
 USER_VARS += HYPERVISOR_DB
 USER_VARS += HYPERVISOR_CLH
+USER_VARS += HYPERVISOR_QEMU
 USER_VARS += PIPESIZE
 USER_VARS += DBSHAREDFS
 USER_VARS += KATA_INSTALL_GROUP
diff --git a/src/runtime-rs/config/configuration-qemu.toml.in b/src/runtime-rs/config/configuration-qemu.toml.in
index e9b6c33dc..933960b82 100644
--- a/src/runtime-rs/config/configuration-qemu.toml.in
+++ b/src/runtime-rs/config/configuration-qemu.toml.in
@@ -648,7 +648,7 @@ disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@
 # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
 # The sandbox cgroup is constrained if there is no container type annotation.
 # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType
-sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@
+sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_QEMU@
 # If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In
 # this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful