runtime-rs: Decouple Makefile env VARS

To avoid overriding env vars when multiple hypervisors are
available, we add per-hypervisor vars for static resource
management and cgroups handling. We reflect that in the
relevant config files as well.

Signed-off-by: Anastassios Nanos <ananos@nubificus.co.uk>

src/runtime-rs/Makefile

@@ -170,11 +170,7 @@ DEFMSIZE9P := 8192
 DEFVFIOMODE := guest-kernel
 ##VAR DEFSANDBOXCGROUPONLY=<bool> Default cgroup model
 DEFSANDBOXCGROUPONLY ?= false
-DEFSANDBOXCGROUPONLY_DB ?= true
-DEFSANDBOXCGROUPONLY_FC ?= true
 DEFSTATICRESOURCEMGMT ?= false
-DEFSTATICRESOURCEMGMT_DB ?= false
-DEFSTATICRESOURCEMGMT_FC ?= true
 DEFBINDMOUNTS := []
 DEFDANCONF := /run/kata-containers/dans
 SED = sed
@@ -225,7 +221,8 @@ ifneq (,$(DBCMD))
     KERNELTYPE_DB = uncompressed
     KERNEL_NAME_DB = $(call MAKE_KERNEL_NAME_DB,$(KERNELTYPE_DB))
     KERNELPATH_DB = $(KERNELDIR)/$(KERNEL_NAME_DB)
-    DEFSANDBOXCGROUPONLY_DB = true
+    DEFSANDBOXCGROUPONLY_DB := true
+    DEFSTATICRESOURCEMGMT_DB := false
     RUNTIMENAME := virt_container
     PIPESIZE := 1
     DBSHAREDFS := inline-virtio-fs
@@ -254,8 +251,8 @@ ifneq (,$(CLHCMD))
     KERNELPATH_CLH = $(KERNELDIR)/$(KERNEL_NAME_CLH)
     VMROOTFSDRIVER_CLH := virtio-pmem
 
-    DEFSTATICRESOURCEMGMT = true
+    DEFSANDBOXCGROUPONLY_CLH := true
-    DEFSANDBOXCGROUPONLY = true
+    DEFSTATICRESOURCEMGMT_CLH := true
 endif
 
 ifneq (,$(QEMUCMD))
@@ -281,7 +278,7 @@ ifneq (,$(QEMUCMD))
     KERNELPATH_QEMU = $(KERNELDIR)/$(KERNEL_NAME_QEMU)
 
     # overriding options
-    DEFSTATICRESOURCEMGMT = true
+    DEFSTATICRESOURCEMGMT_QEMU := true
 
     # qemu-specific options
     DEFSANDBOXCGROUPONLY_QEMU := false
@@ -300,6 +297,7 @@ endif
     DEFSECCOMPSANDBOXPARAM := on,obsolete=deny,spawn=deny,resourcecontrol=deny
     DEFGUESTSELINUXLABEL := system_u:system_r:container_t
 endif
+
 ifneq (,$(FCCMD))
     KNOWN_HYPERVISORS += $(HYPERVISOR_FC)
     CONFIG_FILE_FC = configuration-rs-fc.toml
@@ -318,9 +316,9 @@ ifneq (,$(FCCMD))
     KERNELTYPE_FC = uncompressed
     KERNEL_NAME_FC = $(call MAKE_KERNEL_NAME_FC,$(KERNELTYPE_FC))
     KERNELPATH_FC = $(KERNELDIR)/$(KERNEL_NAME_FC)
-    DEFSANDBOXCGROUPONLY_FC = true
+    DEFSANDBOXCGROUPONLY_FC := true
     RUNTIMENAME := virt_container
-    DEFSTATICRESOURCEMGMT_FC ?= true
+    DEFSTATICRESOURCEMGMT_FC := true
 endif
 
 ifeq ($(DEFAULT_HYPERVISOR),$(HYPERVISOR_DB))
@@ -449,9 +447,12 @@ USER_VARS += DEFSANDBOXCGROUPONLY
 USER_VARS += DEFSANDBOXCGROUPONLY_QEMU
 USER_VARS += DEFSANDBOXCGROUPONLY_DB
 USER_VARS += DEFSANDBOXCGROUPONLY_FC
+USER_VARS += DEFSANDBOXCGROUPONLY_CLH
 USER_VARS += DEFSTATICRESOURCEMGMT
 USER_VARS += DEFSTATICRESOURCEMGMT_DB
 USER_VARS += DEFSTATICRESOURCEMGMT_FC
+USER_VARS += DEFSTATICRESOURCEMGMT_CLH
+USER_VARS += DEFSTATICRESOURCEMGMT_QEMU
 USER_VARS += DEFBINDMOUNTS
 USER_VARS += DEFVFIOMODE
 USER_VARS += BUILDFLAGS

src/runtime-rs/config/configuration-cloud-hypervisor.toml.in

@@ -317,7 +317,7 @@ disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@
 # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
 # The sandbox cgroup is constrained if there is no container type annotation.
 # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType
-sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@
+sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_CLH@
 
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
@@ -337,7 +337,7 @@ experimental=@DEFAULTEXPFEATURES@
 # - When running with pods, sandbox sizing information will only be available if using Kubernetes >= 1.23 and containerd >= 1.6. CRI-O
 #   does not yet support sandbox sizing annotations.
 # - When running single containers using a tool like ctr, container sizing information will be available.
-static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT@
+static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT_CLH@
 
 # If specified, sandbox_bind_mounts identifieds host paths to be mounted(ro, rw) into the sandboxes shared path.
 # This is only valid if filesystem sharing is utilized. The provided path(s) will be bindmounted into the shared fs directory.

src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in

@@ -666,7 +666,7 @@ sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY_QEMU@
 # - When running with pods, sandbox sizing information will only be available if using Kubernetes >= 1.23 and containerd >= 1.6. CRI-O
 #   does not yet support sandbox sizing annotations.
 # - When running single containers using a tool like ctr, container sizing information will be available.
-static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT@
+static_sandbox_resource_mgmt=@DEFSTATICRESOURCEMGMT_QEMU@
 
 # If specified, sandbox_bind_mounts identifieds host paths to be mounted (ro) into the sandboxes shared path.
 # This is only valid if filesystem sharing is utilized. The provided path(s) will be bindmounted into the shared fs directory.

src/runtime-rs/config/configuration-rs-fc.toml.in

@@ -51,7 +51,7 @@ valid_jailer_paths = @FCVALIDJAILERPATHS@
 # may stop the virtual machine from booting.
 # To see the list of default parameters, enable hypervisor debug, create a
 # container and look for 'default-kernel-parameters' log entries.
-kernel_params = "@KERNELPARAMS@"
+kernel_params = "@KERNELPARAMS_FC@"
 
 # Default number of vCPUs per SB/VM:
 # unspecified or 0                --> will be set to @DEFVCPUS@