runtime: Fix bad merge

- Re-add removed CC features from sandbox.go

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
stevenhorsman 2023-05-25 16:30:01 +01:00
parent 33143eb342
commit c87c8ffce5


@ -17,6 +17,8 @@ import (
"os" "os"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
//"strconv"
"strings" "strings"
"sync" "sync"
"syscall" "syscall"
@ -28,6 +30,8 @@ import (
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/vishvananda/netlink" "github.com/vishvananda/netlink"
cri "github.com/containerd/containerd/pkg/cri/annotations"
crio "github.com/containers/podman/v4/pkg/annotations"
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/api" "github.com/kata-containers/kata-containers/src/runtime/pkg/device/api"
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/config" "github.com/kata-containers/kata-containers/src/runtime/pkg/device/config"
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/drivers" "github.com/kata-containers/kata-containers/src/runtime/pkg/device/drivers"
@ -36,6 +40,7 @@ import (
"github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace" "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace"
resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol" resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol"
exp "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/experimental" exp "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/experimental"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist"
persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api" persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols" pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
@ -134,52 +139,38 @@ type SandboxResourceSizing struct {
// SandboxConfig is a Sandbox configuration. // SandboxConfig is a Sandbox configuration.
type SandboxConfig struct { type SandboxConfig struct {
// Annotations keys must be unique strings and must be name-spaced // Annotations keys must be unique strings and must be name-spaced
Annotations map[string]string // with e.g. reverse domain notation (org.clearlinux.key).
Annotations map[string]string
Hostname string
ID string
HypervisorType HypervisorType
// Custom SELinux security policy to the container process inside the VM // Custom SELinux security policy to the container process inside the VM
GuestSeLinuxLabel string GuestSeLinuxLabel string
// Volumes is a list of shared volumes between the host and the Sandbox.
HypervisorType HypervisorType Volumes []types.Volume
ID string
Hostname string
// SandboxBindMounts - list of paths to mount into guest // SandboxBindMounts - list of paths to mount into guest
SandboxBindMounts []string SandboxBindMounts []string
// Experimental features enabled // Experimental features enabled
Experimental []exp.Feature Experimental []exp.Feature
// Containers describe the list of containers within a Sandbox. // Containers describe the list of containers within a Sandbox.
// This list can be empty and populated by adding containers // This list can be empty and populated by adding containers
// to the Sandbox a posteriori. // to the Sandbox a posteriori.
// TODO: this should be a map to avoid duplicated containers //TODO: this should be a map to avoid duplicated containers
Containers []ContainerConfig Containers []ContainerConfig
NetworkConfig NetworkConfig
Volumes []types.Volume AgentConfig KataAgentConfig
NetworkConfig NetworkConfig
AgentConfig KataAgentConfig
HypervisorConfig HypervisorConfig HypervisorConfig HypervisorConfig
ShmSize uint64
ShmSize uint64
SandboxResources SandboxResourceSizing SandboxResources SandboxResourceSizing
VfioMode config.VFIOModeType
VfioMode config.VFIOModeType
// StaticResourceMgmt indicates if the shim should rely on statically sizing the sandbox (VM) // StaticResourceMgmt indicates if the shim should rely on statically sizing the sandbox (VM)
StaticResourceMgmt bool StaticResourceMgmt bool
// Offload the CRI image management service to the Kata agent.
ServiceOffload bool
// SharePidNs sets all containers to share the same sandbox level pid namespace. // SharePidNs sets all containers to share the same sandbox level pid namespace.
SharePidNs bool SharePidNs bool
// SystemdCgroup enables systemd cgroup support // SystemdCgroup enables systemd cgroup support
SystemdCgroup bool SystemdCgroup bool
// SandboxCgroupOnly enables cgroup only at podlevel in the host // SandboxCgroupOnly enables cgroup only at podlevel in the host
SandboxCgroupOnly bool SandboxCgroupOnly bool
@ -339,6 +330,7 @@ func (s *Sandbox) Release(ctx context.Context) error {
if s.monitor != nil { if s.monitor != nil {
s.monitor.stop() s.monitor.stop()
} }
s.fsShare.StopFileEventWatcher(ctx)
s.hypervisor.Disconnect(ctx) s.hypervisor.Disconnect(ctx)
return s.agent.disconnect(ctx) return s.agent.disconnect(ctx)
} }
@ -621,6 +613,21 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor
return nil, err return nil, err
} }
if len(sandboxConfig.Containers) > 0 {
// These values are required by remote hypervisor
for _, a := range []string{cri.SandboxName, crio.SandboxName} {
if value, ok := sandboxConfig.Containers[0].Annotations[a]; ok {
sandboxConfig.HypervisorConfig.SandboxName = value
}
}
for _, a := range []string{cri.SandboxNamespace, crio.Namespace} {
if value, ok := sandboxConfig.Containers[0].Annotations[a]; ok {
sandboxConfig.HypervisorConfig.SandboxNamespace = value
}
}
}
// If we have a confidential guest we need to cold-plug the PCIe VFIO devices // If we have a confidential guest we need to cold-plug the PCIe VFIO devices
// until we have TDISP/IDE PCIe support. // until we have TDISP/IDE PCIe support.
coldPlugVFIO := (sandboxConfig.HypervisorConfig.ColdPlugVFIO != hv.NoPort) coldPlugVFIO := (sandboxConfig.HypervisorConfig.ColdPlugVFIO != hv.NoPort)
@ -1292,6 +1299,13 @@ func (s *Sandbox) startVM(ctx context.Context, prestartHookFunc func(context.Con
return err return err
} }
// not sure how we know that this callback has been executed
if s.config.HypervisorConfig.ConfidentialGuest && s.config.HypervisorConfig.GuestPreAttestation {
if err := s.hypervisor.AttestVM(ctx); err != nil {
return err
}
}
if prestartHookFunc != nil { if prestartHookFunc != nil {
hid, err := s.GetHypervisorPid() hid, err := s.GetHypervisorPid()
if err != nil { if err != nil {
@ -2683,3 +2697,8 @@ func (s *Sandbox) resetVCPUsPinning(ctx context.Context, vCPUThreadsMap VcpuThre
} }
return nil return nil
} }
// PullImage pulls an image on a sandbox.
func (s *Sandbox) PullImage(ctx context.Context, req *image.PullImageReq) (*image.PullImageResp, error) {
return s.agent.PullImage(ctx, req)
}
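Review bot: In the annotation loop added to newSandbox, both keys are checked in order and each hit overwrites the field, so when a container carries both the `cri.SandboxName` and `crio.SandboxName` annotations the crio value silently wins, and an annotation that is present with an empty value still overwrites `SandboxName`/`SandboxNamespace` with "". Since these values are forwarded to the remote hypervisor, I would make the precedence explicit and skip empty values, e.g. `if value, ok := sandboxConfig.Containers[0].Annotations[a]; ok && value != "" {` followed by a `break` after the assignment (same for the namespace loop). A short comment stating why only `Containers[0]` is consulted would also help, because the sandbox identity is being derived from a single container's annotations. Note that `sandboxConfig` is a value parameter, so this mutation only reaches the sandbox through whatever newSandbox does with the copy afterwards; the function's body starts and ends outside the hunk.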