runtime: Support privileged containers in peer pod VM

This patch fixes the issue of running containers
with privileged as true.

See the discussion at this URL for the details.
https://github.com/confidential-containers/cloud-api-adaptor/issues/111

Author:    Lei Li <cdlleili@cn.ibm.com>
Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>

src/runtime/pkg/katautils/config.go

@@ -1060,6 +1060,9 @@ func newRemoteHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 	return vc.HypervisorConfig{
 		RemoteHypervisorSocket:  h.RemoteHypervisorSocket,
 		RemoteHypervisorTimeout: h.RemoteHypervisorTimeout,
+
+		// No valid value so avoid to append block device to list in kata_agent.appendDevices
+		BlockDeviceDriver: "dummy",
 	}, nil
 }
 

src/runtime/virtcontainers/kata_agent.go

@@ -1133,7 +1133,7 @@ func (k *kataAgent) appendDevices(deviceList []*grpc.Device, c *Container) []*gr
 			kataDevice = k.appendVfioDevice(dev, device, c)
 		}
 
-		if kataDevice == nil {
+		if kataDevice == nil || kataDevice.Type == "" {
 			continue
 		}
 

src/runtime/virtcontainers/remote.go

@@ -200,11 +200,13 @@ func (rh *remoteHypervisor) AddDevice(ctx context.Context, devInfo interface{},
 }
 
 func (rh *remoteHypervisor) HotplugAddDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error) {
-	panic(notImplemented("HotplugAddDevice"))
+	logrus.Printf("HotplugAddDevice: devInfo=%#v", devInfo)
+	return "HotplugAddDevice is not implemented", nil
 }
 
 func (rh *remoteHypervisor) HotplugRemoveDevice(ctx context.Context, devInfo interface{}, devType DeviceType) (interface{}, error) {
-	panic(notImplemented("HotplugRemoveDevice"))
+	logrus.Printf("HotplugRemoveDevice: devInfo=%#v", devInfo)
+	return "HotplugRemoveDevice is not implemented", nil
 }
 
 func (rh *remoteHypervisor) ResizeMemory(ctx context.Context, memMB uint32, memoryBlockSizeMB uint32, probe bool) (uint32, MemoryDevice, error) {