runtime-rs: Support handling Kata Virtual Volume in handle_rootfs

In CoCo scenarios, there's no image pulling on host side, and it will disable such operations, that's to say, there's no files sharing between host and guest, especially for container rootfs. We introduce Kata Virtual Volume to help handle such cases: (1) Introduce is_kata_virtual_volume to ensure the volume is kata virtual volume. (2) Introduce VirtualVolume Handling logic in handle_rootfs when the mount is kata virtual volume. Fixes #10690 Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-30 23:06:27 +00:00 · 2025-06-01 22:01:42 +08:00 · 2025-06-01 22:01:42 +08:00 · c9ffbaf30d
commit c9ffbaf30d
parent 2600fc6f43
1 changed files with 21 additions and 1 deletions
--- a/src/runtime-rs/crates/resource/src/rootfs/mod.rs
+++ b/src/runtime-rs/crates/resource/src/rootfs/mod.rs
@ -12,7 +12,9 @@ use async_trait::async_trait;
 use kata_types::mount::Mount;
 mod block_rootfs;
 pub mod virtual_volume;
+
 use hypervisor::{device::device_manager::DeviceManager, Hypervisor};
+use virtual_volume::{is_kata_virtual_volume, VirtualVolume};

 use std::{collections::HashMap, sync::Arc, vec::Vec};
 use tokio::sync::RwLock;
@ -67,7 +69,7 @@ impl RootFsResource {
        root: &oci::Root,
        bundle_path: &str,
        rootfs_mounts: &[Mount],
-        _annotations: &HashMap<String, String>,
+        annotations: &HashMap<String, String>,
    ) -> Result<Arc<dyn Rootfs>> {
        match rootfs_mounts {
            // if rootfs_mounts is empty
@ -92,6 +94,17 @@ impl RootFsResource {
                // Safe as single_layer_rootfs must have one layer
                let layer = &mounts_vec[0];
                let mut inner = self.inner.write().await;
+
+                if is_guest_pull_volume(share_fs, layer) {
+                    let mount_options = layer.options.clone();
+                    let virtual_volume: Arc<dyn Rootfs> = Arc::new(
+                        VirtualVolume::new(cid, annotations, mount_options.to_vec())
+                            .await
+                            .context("kata virtual volume failed.")?,
+                    );
+                    return Ok(virtual_volume);
+                }
+
                let rootfs = if let Some(dev_id) = is_block_rootfs(&layer.source) {
                    // handle block rootfs
                    info!(sl!(), "block device: {}", dev_id);
@ -160,3 +173,10 @@ impl RootFsResource {
 fn is_single_layer_rootfs(rootfs_mounts: &[Mount]) -> bool {
    rootfs_mounts.len() == 1
 }
+
+pub fn is_guest_pull_volume(
+    share_fs: &Option<Arc<dyn ShareFs>>,
+    m: &kata_types::mount::Mount,
+) -> bool {
+    share_fs.is_none() && is_kata_virtual_volume(m)
+}