github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-17 15:38:00 +00:00
Code Issues Projects Releases Wiki Activity

osbuilder: add CC's agent config file to rootfs for offline_sev_kbc

Browse Source 
Adds default config file.
Adds case in rootfs.sh to copy config.

Fixes kata-containers#5023

Fixes: #5023

Signed-Off-By: Alex Carter <alex.carter@ibm.com>
This commit is contained in:
Alex Carter 2022-08-29 14:42:30 +00:00
parent e528b63f4f
commit 9f643ac9c8
3 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
tools/osbuilder/rootfs-builder/agent-config.toml.in Normal file
View File

@ -0,0 +1,44 @@
# Copyright (c) 2022 IBM Corp.
#
# SPDX-License-Identifier: Apache-2.0
#
aa_kbc_params = "$AA_KBC_PARAMS"
[endpoints]
allowed = [
"AddARPNeighborsRequest",
"AddSwapRequest",
"CloseStdinRequest",
"CopyFileRequest",
"CreateContainerRequest",
"CreateSandboxRequest",
"DestroySandboxRequest",
# "ExecProcessRequest",
"GetMetricsRequest",
"GetOOMEventRequest",
"GuestDetailsRequest",
"ListInterfacesRequest",
"ListRoutesRequest",
"MemHotplugByProbeRequest",
"OnlineCPUMemRequest",
"PauseContainerRequest",
"PullImageRequest",
"ReadStreamRequest",
"RemoveContainerRequest",
# "ReseedRandomDevRequest",
"ResumeContainerRequest",
"SetGuestDateTimeRequest",
"SignalProcessRequest",
"StartContainerRequest",
"StartTracingRequest",
"StatsContainerRequest",
"StopTracingRequest",
"TtyWinResizeRequest",
"UpdateContainerRequest",
"UpdateInterfaceRequest",
"UpdateRoutesRequest",
"WaitProcessRequest",
"WriteStreamRequest"
]

5
tools/osbuilder/rootfs-builder/rootfs.sh
View File

@ -654,7 +654,10 @@ EOF
UMOCI="yes"
warning "UMOCI wasn't set, but is required for attestation, so overridden"
fi
if [ "${AA_KBC}" == "offline_sev_kbc" ]; then
info "Adding agent config for ${AA_KBC}"
AA_KBC_PARAMS="offline_sev_kbc::null" envsubst < "${script_dir}/agent-config.toml.in" | tee "${ROOTFS_DIR}/etc/agent-config.toml"
fi
attestation_agent_url="$(get_package_version_from_kata_yaml externals.attestation-agent.url)"
attestation_agent_branch="$(get_package_version_from_kata_yaml externals.attestation-agent.branch)"
info "Install attestation-agent with KBC ${AA_KBC}"

1
tools/osbuilder/rootfs-builder/ubuntu/Dockerfile.in
View File

@ -39,6 +39,7 @@ RUN apt-get update && \
musl-tools \
pkg-config \
protobuf-compiler \
gettext-base \
umoci
# aarch64 requires this name -- link for all