tee: osbuilder: Set /run to use 50% of the image with systemd

Let's ensure at least 50% of the memory is used for /run, as systemd by default forces it to be 10%, which is way too small even for very small workloads. This is only done for the rootfs-confidential image. Fixes: kata-containers#6775 Signed-off-by: Alex Carter <Alex.Carter@ibm.com> Signed-off-by: Wang, Arron <arron.wang@intel.com> Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.co Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2025-08-02 08:17:01 +00:00 · 2023-06-07 20:21:45 +00:00 · 2023-06-07 20:21:45 +00:00 · 4a8fb475be
commit 4a8fb475be
parent 2a9ed19512
1 changed files with 14 additions and 0 deletions
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@ -708,6 +708,20 @@ EOF
 		mkdir -p "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants"
 		ln -sf "/usr/lib/systemd/system/dbus.socket" "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants/dbus.socket"
 		chmod g+rx,o+x "${ROOTFS_DIR}"
+
+		if [ "${CONFIDENTIAL_GUEST}" == "yes" ]; then
+			info "Tweaking /run to use 50% of the available memory"
+			# Tweak the kata-agent service to have /run using 50% of the memory available
+			# This is needed as, by default, systemd would only allow 10%, which is way
+			# too low, even for very small test images
+			fstab_file="${ROOTFS_DIR}/etc/fstab"
+			[ -e ${fstab_file} ] && sed -i '/\/run/d' ${fstab_file}
+			echo "tmpfs /run tmpfs nodev,nosuid,size=50% 0 0" >> ${fstab_file}
+
+			kata_systemd_target="${ROOTFS_DIR}/usr/lib/systemd/system/kata-containers.target"
+			grep -qE "^Requires=.*systemd-remount-fs.service.*" ${kata_systemd_target} || \
+				echo "Requires=systemd-remount-fs.service" >> ${kata_systemd_target}
+		fi
 	fi

 	if [ "${AGENT_POLICY}" == "yes" ]; then