diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index 5a34b12139..690755f2ae 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -83,7 +83,6 @@ QEMUBINDIR := $(PREFIXDEPS)/bin
 CLHBINDIR := $(PREFIXDEPS)/bin
 FCBINDIR := $(PREFIXDEPS)/bin
 ACRNBINDIR := $(PREFIXDEPS)/bin
-VIRTIOFSDBINDIR := $(PREFIXDEPS)/bin
 SYSCONFDIR := /etc
 LOCALSTATEDIR := /var
@@ -184,7 +183,7 @@ DEFENTROPYSOURCE := /dev/urandom
 DEFDISABLEBLOCK := false
 DEFSHAREDFS := virtio-9p
 DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs
-DEFVIRTIOFSDAEMON := $(VIRTIOFSDBINDIR)/virtiofsd
+DEFVIRTIOFSDAEMON := $(LIBEXECDIR)/kata-qemu/virtiofsd
 DEFVALIDVIRTIOFSDAEMONPATHS := [\"$(DEFVIRTIOFSDAEMON)\"]
 # Default DAX mapping cache size in MiB
 #if value is 0, DAX is not enabled
diff --git a/tools/packaging/scripts/configure-hypervisor.sh b/tools/packaging/scripts/configure-hypervisor.sh
index f8dd5f4c7a..195d25b3dc 100755
--- a/tools/packaging/scripts/configure-hypervisor.sh
+++ b/tools/packaging/scripts/configure-hypervisor.sh
@@ -262,7 +262,6 @@ generate_qemu_options() {
 qemu_options+=(size:--disable-snappy)
 # Disable unused security options
- qemu_options+=(security:--disable-seccomp)
 qemu_options+=(security:--disable-tpm)
 # Disable userspace network access ("-net user")
@@ -404,7 +403,9 @@ generate_qemu_options() {
 # operations safer.
 qemu_options+=(functionality:--enable-virtfs)
 qemu_options+=(functionality:--enable-attr)
+ # virtio-fs needs cap-ng and seccomp
 qemu_options+=(functionality:--enable-cap-ng)
+ qemu_options+=(functionality:--enable-seccomp)
 if [[ "${qemu_version_major}" -ge 4 || ( "${qemu_version_major}" -eq 3 && "${qemu_version_minor}" -ge 1 ) ]]; then
 # AVX2 is enabled by default by x86_64, make sure it's enabled only
diff --git a/tools/packaging/static-build/qemu-virtiofs/Dockerfile b/tools/packaging/static-build/qemu-virtiofs/Dockerfile
index 89c3e1abf5..c16049d3e9 100644
--- a/tools/packaging/static-build/qemu-virtiofs/Dockerfile
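Review bot: In src/runtime/Makefile, the new `DEFVIRTIOFSDAEMON := $(LIBEXECDIR)/kata-qemu/virtiofsd` relies on `LIBEXECDIR`, which is not defined in either visible hunk. If it is unset, or derived from `PREFIX` rather than `PREFIXDEPS` like the `*BINDIR` variables above, the default and the `DEFVALIDVIRTIOFSDAEMONPATHS` allow-list built from it will name a path where the static build does not install the daemon. That allow-list presumably bounds which virtiofsd binary a configuration may select, so a comment above the assignment such as `# Must match where tools/packaging/static-build/qemu/Dockerfile installs virtiofsd` would tie the two together. Configurations that still point at the old `$(PREFIXDEPS)/bin/virtiofsd` will no longer match the allow-list.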
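Review bot: In configure-hypervisor.sh, the added `qemu_options+=(functionality:--enable-seccomp)` files seccomp under the `functionality` tag, while the line removed in the earlier hunk (`security:--disable-seccomp`) and its neighbour `security:--disable-tpm` use `security`. Writing `qemu_options+=(security:--enable-seccomp)` would keep it grouped with the other hardening switches, if the tags are used for reporting (how they are consumed is not visible here). The comment could also say what the flag provides, e.g. `# virtiofsd needs libcap-ng and libseccomp for its sandbox; this only compiles seccomp support in`, since building with seccomp does not by itself turn on QEMU's `-sandbox` filter at runtime. The comment `# Disable unused security options` left in the first hunk now covers only the TPM line; generate_qemu_options() starts and ends outside both hunks.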
+++ b/tools/packaging/static-build/qemu-virtiofs/Dockerfile
@@ -1,3 +1,7 @@
+# Copyright (c) 2019 Intel Corporation
+# Copyright (c) 2020 Ant Group
+#
+# SPDX-License-Identifier: Apache-2.0
 from ubuntu:20.04
 ARG QEMU_VIRTIOFS_REPO
@@ -68,5 +72,5 @@ RUN make -j$(nproc)
 RUN make -j$(nproc) virtiofsd
 RUN make install DESTDIR=/tmp/qemu-virtiofs-static
 RUN mv /tmp/qemu-virtiofs-static/"${PREFIX}"/bin/qemu-system-x86_64 /tmp/qemu-virtiofs-static/"${PREFIX}"/bin/qemu-virtiofs-system-x86_64
-RUN chmod +x virtiofsd && mv virtiofsd /tmp/qemu-virtiofs-static/opt/kata/bin/
+RUN mv /tmp/qemu-virtiofs-static/"${PREFIX}"/libexec/kata-qemu/virtiofsd /tmp/qemu-virtiofs-static/opt/kata/bin/virtiofsd-dax
 RUN cd /tmp/qemu-virtiofs-static && tar -czvf "${QEMU_TARBALL}" *
diff --git a/tools/packaging/static-build/qemu.blacklist b/tools/packaging/static-build/qemu.blacklist
index 1c2d9120db..e52c54dc9f 100644
--- a/tools/packaging/static-build/qemu.blacklist
+++ b/tools/packaging/static-build/qemu.blacklist
@@ -5,7 +5,7 @@
 qemu_black_list=(
 */bin/qemu-pr-helper
 */bin/virtfs-proxy-helper
-*/libexec/
+*/libexec/kata-qemu/qemu*
 */share/*/applications/
 */share/*/*.dtb
 */share/*/efi-e1000e.rom
diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile
index 4296e5e053..74d479c9fc 100644
--- a/tools/packaging/static-build/qemu/Dockerfile
+++ b/tools/packaging/static-build/qemu/Dockerfile
@@ -1,3 +1,7 @@
+# Copyright (c) 2019 Intel Corporation
+# Copyright (c) 2020 Ant Group
+#
+# SPDX-License-Identifier: Apache-2.0
 from ubuntu:20.04
 ARG QEMU_REPO
@@ -36,7 +40,8 @@ RUN apt-get --no-install-recommends install -y \
 libtool \
 make \
 pkg-config \
- pkg-config \
+ libseccomp-dev \
+ libseccomp2 \
 python \
 python-dev \
 rsync \
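Review bot: In qemu-virtiofs/Dockerfile, the new `mv` reads from `"${PREFIX}"/libexec/kata-qemu/virtiofsd` but writes to the hard-coded `opt/kata/bin/virtiofsd-dax`, so the step is only consistent when PREFIX is `/opt/kata`. Using `/tmp/qemu-virtiofs-static/"${PREFIX}"/bin/virtiofsd-dax` as the destination would keep both sides in step, as the `qemu-virtiofs-system-x86_64` rename on the line above already does. The binary is also renamed to `virtiofsd-dax`, a path that the runtime default `$(LIBEXECDIR)/kata-qemu/virtiofsd` and its allow-list in src/runtime/Makefile do not cover, so the configuration for this flavour has to set and allow that path somewhere not shown in this diff.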
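Review bot: In qemu.blacklist, narrowing `*/libexec/` to `*/libexec/kata-qemu/qemu*` turns a blanket exclusion into a name match. Every file under libexec whose name does not start with `qemu`, and anything in a libexec subdirectory other than `kata-qemu`, now ships in the tarball, not only virtiofsd. If the intent is to ship exactly one helper, a comment such as `# ship libexec/kata-qemu/virtiofsd; drop the qemu-* helpers installed next to it` would record it. A packaging-time check that libexec contains nothing else would keep the shipped set from growing silently when QEMU adds helpers. The pattern also hard-codes the `kata-qemu` directory name, which presumably comes from the `-s kata-qemu` suffix passed to configure-hypervisor.sh.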
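Review bot: In qemu/Dockerfile, the two new packages are inserted between `pkg-config` and `python`, which breaks the alphabetical order the visible part of the apt-get list follows; placing `libseccomp-dev \` before `libtool \` keeps the list easy to scan and diff. `libseccomp2` is the runtime library that `libseccomp-dev` already depends on, so listing it separately looks redundant unless it is there on purpose. The `RUN apt-get` instruction starts and ends outside the hunk.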
@@ -56,5 +61,6 @@ RUN PREFIX="${PREFIX}" /root/configure-hypervisor.sh -s kata-qemu | xargs ./conf
 --with-pkgversion=kata-static
 RUN make -j$(nproc)
+RUN make -j$(nproc) virtiofsd
 RUN make install DESTDIR=/tmp/qemu-static
 RUN cd /tmp/qemu-static && tar -czvf "${QEMU_TARBALL}" *
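Review bot: In qemu/Dockerfile, nothing after the added `RUN make -j$(nproc) virtiofsd` confirms that `make install` places the daemon where the runtime now looks for it (`$(LIBEXECDIR)/kata-qemu/virtiofsd` in src/runtime/Makefile), and the tarball contents are presumably filtered by qemu.blacklist afterwards. A check after the install step, e.g. `RUN test -x /tmp/qemu-static/"${PREFIX}"/libexec/kata-qemu/virtiofsd`, would fail the image build instead of producing a package whose default virtiofsd path does not exist. The path in that example is taken from the qemu-virtiofs Dockerfile in this commit and should be confirmed for this build.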