From 4a8fb475bebe9d373e5c3e05f8ab7c23ee8c2a9e Mon Sep 17 00:00:00 2001 From: Alex Carter Date: Wed, 7 Jun 2023 20:21:45 +0000 Subject: [PATCH] tee: osbuilder: Set /run to use 50% of the image with systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's ensure at least 50% of the memory is used for /run, as systemd by default forces it to be 10%, which is way too small even for very small workloads. This is only done for the rootfs-confidential image. Fixes: kata-containers#6775 Signed-off-by: Alex Carter Signed-off-by: Wang, Arron Signed-off-by: ChengyuZhu6 --- tools/osbuilder/rootfs-builder/rootfs.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh index d2e7a4ba5e..f604ec5d0e 100755 --- a/tools/osbuilder/rootfs-builder/rootfs.sh +++ b/tools/osbuilder/rootfs-builder/rootfs.sh @@ -708,6 +708,20 @@ EOF mkdir -p "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants" ln -sf "/usr/lib/systemd/system/dbus.socket" "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants/dbus.socket" chmod g+rx,o+x "${ROOTFS_DIR}" + + if [ "${CONFIDENTIAL_GUEST}" == "yes" ]; then + info "Tweaking /run to use 50% of the available memory" + # Tweak the kata-agent service to have /run using 50% of the memory available + # This is needed as, by default, systemd would only allow 10%, which is way + # too low, even for very small test images + fstab_file="${ROOTFS_DIR}/etc/fstab" + [ -e ${fstab_file} ] && sed -i '/\/run/d' ${fstab_file} + echo "tmpfs /run tmpfs nodev,nosuid,size=50% 0 0" >> ${fstab_file} + + kata_systemd_target="${ROOTFS_DIR}/usr/lib/systemd/system/kata-containers.target" + grep -qE "^Requires=.*systemd-remount-fs.service.*" ${kata_systemd_target} || \ + echo "Requires=systemd-remount-fs.service" >> ${kata_systemd_target} + fi fi if [ "${AGENT_POLICY}" == "yes" ]; then
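Review bot: The fstab cleanup `sed -i '/\/run/d'` deletes every line that contains `/run` anywhere, so an entry for `/run/lock`, `/var/run` or a bind mount sourced from under `/run` is dropped along with the one being replaced; matching only the mount-point field is safer, e.g. `sed -i -E '/^[^#[:space:]]+[[:space:]]+\/run[[:space:]]/d' "${fstab_file}"`. `${fstab_file}` and `${kata_systemd_target}` are expanded unquoted in the `[ -e ]` test, `sed`, `grep` and both `>>` redirections, unlike the quoted `"${ROOTFS_DIR}/..."` uses just above, so a rootfs path containing whitespace would split the arguments. The appended `Requires=systemd-remount-fs.service` only takes effect if the last section of kata-containers.target is `[Unit]`, which is not visible in this hunk. Because `size=50%` lets anything able to write under /run consume up to half of guest memory, a comment naming what needs that space in the confidential image would help later reviewers judge whether the cap can be lowered. The enclosing `if` block starts before the hunk and continues after it.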