diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile
index 764733f7c8..9bb380abf8 100644
--- a/src/runtime-rs/Makefile
+++ b/src/runtime-rs/Makefile
@@ -170,11 +170,7 @@ DEFMSIZE9P := 8192
 DEFVFIOMODE := guest-kernel
 ##VAR DEFSANDBOXCGROUPONLY= Default cgroup model
 DEFSANDBOXCGROUPONLY ?= false
-DEFSANDBOXCGROUPONLY_DB ?= true
-DEFSANDBOXCGROUPONLY_FC ?= true
 DEFSTATICRESOURCEMGMT ?= false
-DEFSTATICRESOURCEMGMT_DB ?= false
-DEFSTATICRESOURCEMGMT_FC ?= true
 DEFBINDMOUNTS := []
 DEFDANCONF := /run/kata-containers/dans
 SED = sed
@@ -225,7 +221,8 @@ ifneq (,$(DBCMD))
 KERNELTYPE_DB = uncompressed
 KERNEL_NAME_DB = $(call MAKE_KERNEL_NAME_DB,$(KERNELTYPE_DB))
 KERNELPATH_DB = $(KERNELDIR)/$(KERNEL_NAME_DB)
- DEFSANDBOXCGROUPONLY_DB = true
+ DEFSANDBOXCGROUPONLY_DB := true
+ DEFSTATICRESOURCEMGMT_DB := false
 RUNTIMENAME := virt_container
 PIPESIZE := 1
 DBSHAREDFS := inline-virtio-fs
@@ -254,8 +251,8 @@ ifneq (,$(CLHCMD))
 KERNELPATH_CLH = $(KERNELDIR)/$(KERNEL_NAME_CLH)
 VMROOTFSDRIVER_CLH := virtio-pmem
- DEFSTATICRESOURCEMGMT = true
- DEFSANDBOXCGROUPONLY = true
+ DEFSANDBOXCGROUPONLY_CLH := true
+ DEFSTATICRESOURCEMGMT_CLH := true
 endif
 ifneq (,$(QEMUCMD))
@@ -281,7 +278,7 @@ ifneq (,$(QEMUCMD))
 KERNELPATH_QEMU = $(KERNELDIR)/$(KERNEL_NAME_QEMU)
 # overriding options
- DEFSTATICRESOURCEMGMT = true
+ DEFSTATICRESOURCEMGMT_QEMU := true
 # qemu-specific options
 DEFSANDBOXCGROUPONLY_QEMU := false
@@ -300,6 +297,7 @@ endif
 DEFSECCOMPSANDBOXPARAM := on,obsolete=deny,spawn=deny,resourcecontrol=deny
 DEFGUESTSELINUXLABEL := system_u:system_r:container_t
 endif
+
 ifneq (,$(FCCMD))
 KNOWN_HYPERVISORS += $(HYPERVISOR_FC)
 CONFIG_FILE_FC = configuration-rs-fc.toml
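Review bot: `DEFSTATICRESOURCEMGMT_DB` goes from a top-level `?=` default (removed in the `@@ -170,11 +170,7 @@` hunk) to an unconditional `:=` inside `ifneq (,$(DBCMD))`, and `DEFSTATICRESOURCEMGMT_FC` gets the same `?=` to `:=` change in the `ifneq (,$(FCCMD))` hunk further down. With `:=` a value exported in the environment is no longer honoured (only a command-line `make VAR=...` still wins), and both names are now undefined whenever the corresponding `*CMD` is empty although they remain listed in `USER_VARS`. If they are meant to stay build-time knobs, `DEFSTATICRESOURCEMGMT_DB ?= false` inside the block keeps the per-hypervisor scoping without dropping the override. A `##VAR` line for each suffixed variable would also document which name a packager now has to set. The `ifneq` blocks start and end outside these hunks.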
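Review bot: In the `ifneq (,$(CLHCMD))` and `ifneq (,$(QEMUCMD))` hunks the blocks stop assigning the unsuffixed `DEFSTATICRESOURCEMGMT` and `DEFSANDBOXCGROUPONLY`, so both now keep their top-level `?= false` defaults. Any template outside this diff that still substitutes `@DEFSANDBOXCGROUPONLY@` or `@DEFSTATICRESOURCEMGMT@` would then render `false` where it rendered `true` whenever `CLHCMD` or `QEMUCMD` was non-empty, which silently changes the shipped cgroup-confinement and sandbox-sizing defaults; a grep over the `config/*.in` templates before merging would settle it. An existing build invocation that passes `DEFSANDBOXCGROUPONLY=...` to steer the Cloud Hypervisor config also stops having any effect there. A comment above the new assignments such as `# per-hypervisor default; the unsuffixed DEFSANDBOXCGROUPONLY no longer applies to CLH` would make the new contract explicit.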
@@ -318,9 +316,9 @@ ifneq (,$(FCCMD))
 KERNELTYPE_FC = uncompressed
 KERNEL_NAME_FC = $(call MAKE_KERNEL_NAME_FC,$(KERNELTYPE_FC))
 KERNELPATH_FC = $(KERNELDIR)/$(KERNEL_NAME_FC)
- DEFSANDBOXCGROUPONLY_FC = true
+ DEFSANDBOXCGROUPONLY_FC := true
 RUNTIMENAME := virt_container
- DEFSTATICRESOURCEMGMT_FC ?= true
+ DEFSTATICRESOURCEMGMT_FC := true
 endif
 ifeq ($(DEFAULT_HYPERVISOR),$(HYPERVISOR_DB))
@@ -449,9 +447,12 @@ USER_VARS += DEFSANDBOXCGROUPONLY
 USER_VARS += DEFSANDBOXCGROUPONLY_QEMU
 USER_VARS += DEFSANDBOXCGROUPONLY_DB
 USER_VARS += DEFSANDBOXCGROUPONLY_FC
+USER_VARS += DEFSANDBOXCGROUPONLY_CLH
 USER_VARS += DEFSTATICRESOURCEMGMT
 USER_VARS += DEFSTATICRESOURCEMGMT_DB
 USER_VARS += DEFSTATICRESOURCEMGMT_FC
+USER_VARS += DEFSTATICRESOURCEMGMT_CLH
+USER_VARS += DEFSTATICRESOURCEMGMT_QEMU
 USER_VARS += DEFBINDMOUNTS
 USER_VARS += DEFVFIOMODE
 USER_VARS += BUILDFLAGS
diff --git a/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in b/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in
index 795edacab3..0cb17abb2f 100644
--- a/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in
+++ b/src/runtime-rs/config/configuration-cloud-hypervisor.toml.in
@@ -317,7 +317,7 @@ disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@
 # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
 # The sandbox cgroup is constrained if there is no container type annotation.
 # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType
-sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@
+sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_CLH@
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
@@ -337,7 +337,7 @@ experimental=@DEFAULTEXPFEATURES@
 # - When running with pods, sandbox sizing information will only be available if using Kubernetes >= 1.23 and containerd >= 1.6. CRI-O
 # does not yet support sandbox sizing annotations.
 # - When running single containers using a tool like ctr, container sizing information will be available.
-static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT@
+static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT_CLH@
 # If specified, sandbox_bind_mounts identifieds host paths to be mounted(ro, rw) into the sandboxes shared path.
 # This is only valid if filesystem sharing is utilized. The provided path(s) will be bindmounted into the shared fs directory.
diff --git a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
index 6f20e55f70..3e3b3a1ac2 100644
--- a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
@@ -666,7 +666,7 @@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_QEMU@
 # - When running with pods, sandbox sizing information will only be available if using Kubernetes >= 1.23 and containerd >= 1.6. CRI-O
 # does not yet support sandbox sizing annotations.
 # - When running single containers using a tool like ctr, container sizing information will be available.
-static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT@
+static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT_QEMU@
 # If specified, sandbox_bind_mounts identifieds host paths to be mounted (ro) into the sandboxes shared path.
 # This is only valid if filesystem sharing is utilized. The provided path(s) will be bindmounted into the shared fs directory.
diff --git a/src/runtime-rs/config/configuration-rs-fc.toml.in b/src/runtime-rs/config/configuration-rs-fc.toml.in
index 786b1b2a92..2fbb4f26a9 100644
--- a/src/runtime-rs/config/configuration-rs-fc.toml.in
+++ b/src/runtime-rs/config/configuration-rs-fc.toml.in
@@ -51,7 +51,7 @@ valid_jailer_paths = @FCVALIDJAILERPATHS@
 # may stop the virtual machine from booting.
 # To see the list of default parameters, enable hypervisor debug, create a
 # container and look for 'default-kernel-parameters' log entries.
-kernel_params = "@KERNELPARAMS@"
+kernel_params = "@KERNELPARAMS_FC@"
 # Default number of vCPUs per SB/VM:
 # unspecified or 0 --> will be set to @DEFVCPUS@
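Review bot: The switch to `@KERNELPARAMS_FC@` has no counterpart in the Makefile hunks of this commit: nothing shown defines `KERNELPARAMS_FC` or appends it to `USER_VARS`, unlike the three cgroup and resource-management variables that were added there. If the variable is not already defined and registered elsewhere in the Makefile, the placeholder would presumably survive substitution and the generated `configuration-rs-fc.toml` would carry the literal string as guest kernel parameters. Confirm that it exists, or add `USER_VARS += KERNELPARAMS_FC` alongside the other additions. The change is also unrelated to the per-hypervisor cgroup split in the rest of the commit and deserves its own line in the commit message.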