runtime: Fix bad merge
- Re-add removed CC features from sandbox.go Signed-off-by: stevenhorsman <steven@uk.ibm.com>
parent
33143eb342
commit
c87c8ffce5
@ -17,6 +17,8 @@ import (
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
|
||||
//"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"syscall"
|
||||
@ -28,6 +30,8 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/vishvananda/netlink"
|
||||
|
||||
cri "github.com/containerd/containerd/pkg/cri/annotations"
|
||||
crio "github.com/containers/podman/v4/pkg/annotations"
|
||||
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/api"
|
||||
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/config"
|
||||
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/drivers"
|
||||
@ -36,6 +40,7 @@ import (
|
||||
"github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace"
|
||||
resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol"
|
||||
exp "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/experimental"
|
||||
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
|
||||
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist"
|
||||
persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
|
||||
pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
|
||||
@ -134,52 +139,38 @@ type SandboxResourceSizing struct {
|
||||
// SandboxConfig is a Sandbox configuration.
|
||||
type SandboxConfig struct {
|
||||
// Annotations keys must be unique strings and must be name-spaced
|
||||
Annotations map[string]string
|
||||
|
||||
// with e.g. reverse domain notation (org.clearlinux.key).
|
||||
Annotations map[string]string
|
||||
Hostname string
|
||||
ID string
|
||||
HypervisorType HypervisorType
|
||||
// Custom SELinux security policy to the container process inside the VM
|
||||
GuestSeLinuxLabel string
|
||||
|
||||
HypervisorType HypervisorType
|
||||
|
||||
ID string
|
||||
|
||||
Hostname string
|
||||
|
||||
// Volumes is a list of shared volumes between the host and the Sandbox.
|
||||
Volumes []types.Volume
|
||||
// SandboxBindMounts - list of paths to mount into guest
|
||||
SandboxBindMounts []string
|
||||
|
||||
// Experimental features enabled
|
||||
Experimental []exp.Feature
|
||||
|
||||
// Containers describe the list of containers within a Sandbox.
|
||||
// This list can be empty and populated by adding containers
|
||||
// to the Sandbox a posteriori.
|
||||
// TODO: this should be a map to avoid duplicated containers
|
||||
Containers []ContainerConfig
|
||||
|
||||
Volumes []types.Volume
|
||||
|
||||
NetworkConfig NetworkConfig
|
||||
|
||||
AgentConfig KataAgentConfig
|
||||
|
||||
//TODO: this should be a map to avoid duplicated containers
|
||||
Containers []ContainerConfig
|
||||
NetworkConfig NetworkConfig
|
||||
AgentConfig KataAgentConfig
|
||||
HypervisorConfig HypervisorConfig
|
||||
|
||||
ShmSize uint64
|
||||
|
||||
ShmSize uint64
|
||||
SandboxResources SandboxResourceSizing
|
||||
|
||||
VfioMode config.VFIOModeType
|
||||
|
||||
VfioMode config.VFIOModeType
|
||||
// StaticResourceMgmt indicates if the shim should rely on statically sizing the sandbox (VM)
|
||||
StaticResourceMgmt bool
|
||||
|
||||
// Offload the CRI image management service to the Kata agent.
|
||||
ServiceOffload bool
|
||||
// SharePidNs sets all containers to share the same sandbox level pid namespace.
|
||||
SharePidNs bool
|
||||
|
||||
// SystemdCgroup enables systemd cgroup support
|
||||
SystemdCgroup bool
|
||||
|
||||
// SandboxCgroupOnly enables cgroup only at podlevel in the host
|
||||
SandboxCgroupOnly bool
|
||||
|
||||
@ -339,6 +330,7 @@ func (s *Sandbox) Release(ctx context.Context) error {
|
||||
if s.monitor != nil {
|
||||
s.monitor.stop()
|
||||
}
|
||||
s.fsShare.StopFileEventWatcher(ctx)
|
||||
s.hypervisor.Disconnect(ctx)
|
||||
return s.agent.disconnect(ctx)
|
||||
}
|
||||
@ -621,6 +613,21 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(sandboxConfig.Containers) > 0 {
|
||||
// These values are required by remote hypervisor
|
||||
for _, a := range []string{cri.SandboxName, crio.SandboxName} {
|
||||
if value, ok := sandboxConfig.Containers[0].Annotations[a]; ok {
|
||||
sandboxConfig.HypervisorConfig.SandboxName = value
|
||||
}
|
||||
}
|
||||
|
||||
for _, a := range []string{cri.SandboxNamespace, crio.Namespace} {
|
||||
if value, ok := sandboxConfig.Containers[0].Annotations[a]; ok {
|
||||
sandboxConfig.HypervisorConfig.SandboxNamespace = value
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If we have a confidential guest we need to cold-plug the PCIe VFIO devices
|
||||
// until we have TDISP/IDE PCIe support.
|
||||
coldPlugVFIO := (sandboxConfig.HypervisorConfig.ColdPlugVFIO != hv.NoPort)
|
||||
@ -1292,6 +1299,13 @@ func (s *Sandbox) startVM(ctx context.Context, prestartHookFunc func(context.Con
|
||||
return err
|
||||
}
|
||||
|
||||
// not sure how we know that this callback has been executed
|
||||
if s.config.HypervisorConfig.ConfidentialGuest && s.config.HypervisorConfig.GuestPreAttestation {
|
||||
if err := s.hypervisor.AttestVM(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if prestartHookFunc != nil {
|
||||
hid, err := s.GetHypervisorPid()
|
||||
if err != nil {
|
||||
@ -2683,3 +2697,8 @@ func (s *Sandbox) resetVCPUsPinning(ctx context.Context, vCPUThreadsMap VcpuThre
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// PullImage pulls an image on a sandbox.
|
||||
func (s *Sandbox) PullImage(ctx context.Context, req *image.PullImageReq) (*image.PullImageResp, error) {
|
||||
return s.agent.PullImage(ctx, req)
|
||||
}
|
||||
|
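Review bot: In the startVM hunk, the re-added pre-attestation gate sits directly under the comment `// not sure how we know that this callback has been executed`, so the step that decides whether a confidential guest may proceed carries an unresolved ordering question. That comment should be replaced by one that states the contract, for example `// Pre-attestation must succeed before the prestart hook runs; any error aborts startVM.`, with a tracked TODO if the ordering is still unverified. The bare `return err` also loses the information that attestation was the failing step; `return fmt.Errorf("pre-attesting confidential guest: %w", err)` would keep it, provided `fmt` is imported in this file (the import hunk does not show it). startVM begins and ends outside the hunk, so it is not visible whether a failed AttestVM tears the already-started VM down; that is worth confirming so a guest that failed attestation is not left running.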