diff --git a/src/libs/kata-types/src/mount.rs b/src/libs/kata-types/src/mount.rs
index 629a1ee3b5..eac2afbffb 100644
--- a/src/libs/kata-types/src/mount.rs
+++ b/src/libs/kata-types/src/mount.rs
@@ -63,6 +63,8 @@ pub const KATA_VIRTUAL_VOLUME_IMAGE_NYDUS_FS: &str = "image_nydus_fs";
 pub const KATA_VIRTUAL_VOLUME_LAYER_NYDUS_FS: &str = "layer_nydus_fs";
 /// Download and extra container image inside guest vm.
 pub const KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL: &str = "image_guest_pull";
+/// In CoCo scenario, we support force_guest_pull to enforce container image guest pull without remote snapshotter.
+pub const KATA_IMAGE_FORCE_GUEST_PULL: &str = "force_guest_pull";
 /// Manager to manage registered storage device handlers.
 pub type StorageHandlerManager = HandlerManager;
diff --git a/src/runtime-rs/crates/resource/src/manager_inner.rs b/src/runtime-rs/crates/resource/src/manager_inner.rs
index f8d40cff72..2f419c4100 100644
--- a/src/runtime-rs/crates/resource/src/manager_inner.rs
+++ b/src/runtime-rs/crates/resource/src/manager_inner.rs
@@ -17,8 +17,11 @@ use hypervisor::{
 },
 BlockConfig, Hypervisor, VfioConfig,
 };
-use kata_types::config::{hypervisor::TopologyConfigInfo, TomlConfig};
 use kata_types::mount::Mount;
+use kata_types::{
+ config::{hypervisor::TopologyConfigInfo, TomlConfig},
+ mount::{adjust_rootfs_mounts, KATA_IMAGE_FORCE_GUEST_PULL},
+};
 use oci::{Linux, LinuxCpu, LinuxResources};
 use oci_spec::runtime::{self as oci, LinuxDeviceType};
 use persist::sandbox_persist::Persist;
@@ -322,6 +325,16 @@ impl ResourceManagerInner {
 rootfs_mounts: &[Mount],
 annotations: &HashMap,
 ) -> Result> {
+ let adjust_rootfs_mounts = if !self
+ .config()
+ .runtime
+ .is_experiment_enabled(KATA_IMAGE_FORCE_GUEST_PULL)
+ {
+ rootfs_mounts.to_vec()
+ } else {
+ adjust_rootfs_mounts()?
+ };
+
 self.rootfs_resource
 .handler_rootfs(
 &self.share_fs,
@@ -331,7 +344,7 @@ impl ResourceManagerInner {
 cid,
 root,
 bundle_path,
- rootfs_mounts,
+ &adjust_rootfs_mounts,
 annotations,
 )
 .await
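Review bot: The doc comment on `KATA_IMAGE_FORCE_GUEST_PULL` in the mount.rs hunk says the flag will "enforce" guest pull, but it does not say that the string is an experimental-feature name which the runtime looks up with `is_experiment_enabled` (visible in the manager_inner.rs hunk). That lookup reads the runtime's own configuration, so the switch is presumably set on the host side; in a confidential-containers threat model it is better documented as a runtime behaviour than as a guarantee the guest can rely on. I would reword it to `/// Experimental-feature name: when enabled, the runtime replaces the caller-supplied rootfs mounts with those from adjust_rootfs_mounts(), so no remote snapshotter is needed.` and add one line stating that guest-side enforcement is outside the scope of this flag.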
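Review bot: In the `-322,6 +325,16` hunk of manager_inner.rs the new local `adjust_rootfs_mounts` has the same name as the function imported from `kata_types::mount`, so after this statement the bare name refers to the vector and a reader has to work out which one each use means. The negated condition also puts the unchanged case first and copies the caller's slice with `to_vec()` even when nothing is replaced; a positive condition that borrows `rootfs_mounts` as-is avoids both, with the argument in the last hunk becoming `effective_mounts`. When the experiment is active the mounts handed in by the caller are discarded silently, so a log line at that point, using whatever logger this module already has, would make the substitution visible when a sandbox is audited or debugged. The enclosing function begins and ends outside the hunk, and the definition of `adjust_rootfs_mounts()` is not part of the visible diff.

```rust
// Holds the replacement mounts only when the experiment is enabled.
let guest_pull_mounts;
let effective_mounts: &[Mount] = if self
    .config()
    .runtime
    .is_experiment_enabled(KATA_IMAGE_FORCE_GUEST_PULL)
{
    // Caller-supplied mounts are intentionally ignored on this path.
    guest_pull_mounts = adjust_rootfs_mounts()?;
    guest_pull_mounts.as_slice()
} else {
    rootfs_mounts
};

// … unchanged: self.rootfs_resource.handler_rootfs( … ) call, now passing `effective_mounts` …
```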