With this change, a container is not longer given access to
the underlying root partition.
This is done by explicitly adding the root partition
to the device cgroup of the container.
Fixes: #317
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
The Qemu version check in unit test case is no longer needed for
Power since we don't support Kata with Qemu version < 4.x.
Fixes: #315
Signed-off-by: bpradipt@in.ibm.com
Improve the output of the data collection script to use lots more folds.
This makes it easier to review the information when viewing the pasted
output in a GitHub issue.
Fixes: #313.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add `start_section()` and `end_section()` functions to the data
collection script to allow new unfoldable sections to be created.
Redefine `show_header()` and `show_footer()` to use the new functions.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Now that the Kata containerd shim v2 can display a version string,
add those details to the data collection script.
Fixes: #309.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
All components should support a `--version` option to allow clear
identification of the version of the component being used.
Note that the build changes are required to allow the shim binary to
access the golang code generated by the build (such as the `version`
variable).
Fixes: #307.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a new system component, used only when tracing is enabled. The
component listens to the agent over VSOCK, forwarding trace spans
created by the agent in the virtual machine onwards to an OpenTelemetry
collector (such as Jaeger) running on the host.
Fixes: #224.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fix a long-standing bug where the KSM throttler logs would not be
collected by removing the last (unused) parameter to the
`find_system_journal_problems()` function.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The function that checks for legacy packages in the collect script was
missing pipes denoting regex alternation.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The agent logger is useful and generic enough that it can be used by
other components, so move the agent logging package to below a top level
`pkg` to encourage re-use.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Clean up all clippy warning.
Also fix a bug in dealing with IFLA_IFNAME attribute.
nlh.addattr_var(IFLA_IFNAME, name.as_ptr() as *const u8, name.len() + 1);
The `name` is a rust String, which doesn't including the trailing '\0',
so name.len() + 1 may cause invalid memory access.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Implment `TryFrom<IPAddress> for RtIPAddr` instead of From<IPAddress>,
so error code could be returned instead of unwrap().
Do the same for `TryFrom<Route> for RtRoute`.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
There are too much unsafe code in the netlink crate, we need to reduce
unsafe code as much as possible. To achieve this, methods are classified
as public interfaces and internal methods.
All public interface of RtnlHandle has been reimplemented as safe code,
only some public helper functions to manipulater Netlink message data
structures are implemented as unsafe code.
The code to parse IPv4/IPv6/MAC addresses has been moved to a dedicated
file named parser.rs.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
The scan_fmt crate has dependency on other four crates, and it's trivial
to use std library to implement the same logic. Get rid of scan_fmt to
reduce the dependency chain.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Use features to enable/disable slog and agent handler on demand.
This helps to reduce dependency chains if slog/agent handler is unused.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
The netlink crate is a library to communicate with Linux kenrel by using
the netlink socket. It's generic enough to be reused by other clients.
So get rid of dependency on the rustjail crate by:
1) normalize all pub interfaces to return Result<T, nix::Error>,
2) add helpers to reduce duplicated code,
3) move parse_mac() into lib.rs,
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Add grpc API for adding arp neighbours for a network
interface. These are expected to be static arp entries
sent by the runtime.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Got:
make PROTO_FILE=agent.proto generate-protocol
google/protobuf/descriptor.proto: Read access is denied for file: /usr/local/include/google/protobuf/descriptor.proto
This commit will fix this error.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Instead of having the versions.yaml in the runtime source,
it makes more sense to have it in the root directory of
the project.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
In Kata 1.x, agent interface is defined in agent repo and vendored by runtime. But in Kata 2.0, agent and runtime will use ttrpc as protocol, and agent is using rust language, so runtime can't vendor agent again, have to compile from agent's protobuf files.
This PR will hold proto files under src/agent, and compile it to rust/go sources for agent/runtime. Typing `make generate-protocols` under root of this repo or `src/agent` can see how to use it.
Signed-off-by: bin liu <bin@hyper.sh>
For stable versions the format used `x.y.z`.
kata-env was failing trying to make a new release from 1.11.0-rc to
1.11.0
This fix kata-env for releases 1.11+ where this regression was
introduced.
Fixes: kata-containers/runtime#2674
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
With the new HTTP API from CLH, it removes the support of multiple
virtio-vsock devices, as the Linux kernel does not support it.
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Changes:
96be8229 release: Release v0.7.0
5115ad6e vmm: config: Support on/off/true/false for all booleans
d5bfa2df vmm, vhost_user_block: Make parameter names match --disk
2f0bc06b vmm: Update default devices names as "internal"
aaba6e77 vmm: Add virtio-console to the list of Migratable devices
9ab4bb1a devices: serial: Expect an identifier upon device creation
06487131 vm-virtio: pci: Expect an identifier upon device creation
eeb7e10d vm-virtio: mmio: Expect an identifier upon device creation
9d84ef50 vmm: Make the virtio identifier mandatory
14350f5d devices: ioapic: Expect an identifier upon device creation
55687157 vm-virtio: iommu: Expect an identifier upon device creation
052eff1c vm-virtio: console: Expect an identifier upon device creation
354c2a4b vm-virtio: vhost-user-net: Expect an identifier upon device creation
46e0b3ff vm-virtio: vhost-user-blk: Expect an identifier upon device creation
bb7fa71f vm-virtio: vhost-user-fs: Expect an identifier upon device creation
ec5ff395 vm-virtio: vsock: Expect an identifier upon device creation
9b53044a vm-virtio: mem: Expect an identifier upon device creation
1592a929 vm-virtio: pmem: Expect an identifier upon device creation
2e91b738 vm-virtio: rng: Expect an identifier upon device creation
9eb7413f vm-virtio: net: Expect an identifier upon device creation
be946caf vm-virtio: blk: Expect an identifier upon device creation
ff9c8b84 vmm: Always generate the next device name
81831413 vmm: Add an identifier to the ioapic device
e4386c8b vmm: Add an identifier to the virtio-iommu device
75ddd2a2 vmm: Add an identifier to the --console device
eac350c4 vmm: Add an identifier to the virtio-mem device
6802ef54 vmm: Add an identifier to the --rng device
d71d52e9 vmm: Fix virtio-console creation with virtual IOMMU
b08fde59 vmm: Fix virtio-rng creation with virtual IOMMU
8031ac33 vmm: Fix virtio-vsock creation with virtual IOMMU
50134969 Jenkins: Run musl unit and integration tests on master branch
ce794f78 ci: Pass target triple to the test scripts
33b0e158 resources: Add musl tools and toolchain to the Dockerfile
ad9374bd dev_cli: Add --libc to the build and test commands
8cef3574 vmm: seccomp: Add fork, gettid and pipe2 syscalls to permitted list
ce7678f2 vmm: seccomp: Add tkill syscall to permitted list
12758d7f vmm: seccomp: Add epoll_pwait syscall to permitted list
86fcd19b build: Initial musl support
a5de4955 vmm: Only allow removal of specific types of virtio device
9ed880d7 vmm: Add an identifier to the --fs device
7e0ab6b5 vmm: Fix pmem device creation
3012975c tests: Enhance vsock integration test to support hotplug
6c2bca5f bin: ch-remote: Add support for adding vsock devices
8de7448d vmm: api: Add "add-vsock" API entry point
bf09a1e6 openapi: Add "id" field to VsockConfig
a76cf086 vmm: vm: Remove vsock device from config
99422324 vmm: vm: Add "add_vsock()"
1d61c476 vmm: device_manager: Add support for hotplugging virtio-vsock devices
f8501a3b vmm: config: Move --vsock syntax to VsockConfig
6e049e0d vmm: Add an identifier to the --vsock device
10348f73 vmm, main: Support only zero or one vsock devices
9d1f95a3 openapi: Add missing "id" field
30e2e515 build(deps): bump serde_json from 1.0.51 to 1.0.52
dd9d0d04 build(deps): bump micro_http from `0d87a94` to `c9ffb90`
cdc8493a build(deps): bump thiserror from 1.0.15 to 1.0.16
Fixes: kata-containers/runtime#2658
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Pmem size now is calculated by the hypervisor. This is not required
anymore. Remove it to simplify the code.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Changes:
f5debc4 build(deps): bump libssh2-sys from 0.2.16 to 0.2.17
37dfb4c build(deps): bump hermit-abi from 0.1.11 to 0.1.12
e1a07ce vmm: vm: Unpark the threads before shutdown when the current state is paused
1df38da vmm, tests: Make specifying a size optional for virtio-pmem
7481e4d vmm: config: Validate that shared memory is enabled if using vhost-user
2ac6971 vmm: MemoryManager: Cleanup the usage of std::ffi/io/result
3f42f86 vmm: Add the 'shared' and 'hugepages' controls to MemoryConfig
d6aa717 build(deps): bump syn from 1.0.17 to 1.0.18
3eaeba4 vm-virtio: Fix FS_IO callback for virtio-fs
df14a68 build(deps): bump smallvec from 1.3.0 to 1.4.0
e685854 gh: Separate the build and release jobs
c790bba tests: Migrate from Ubuntu Eoan to Focal
e525af7 build(deps): bump ryu from 1.0.3 to 1.0.4
3e8a6ba ci: Ignore test_snapshot_restore
9ebf052 build(deps): bump cc from 1.0.51 to 1.0.52
f6b150a ci: Add integration test for VM migration
9f08f53 build(deps): bump pin-utils from 0.1.0-alpha.4 to 0.1.0
9c7215d docs: Add the vhost-user-blk test doc
3574437 build(deps): bump cc from 1.0.50 to 1.0.51
4fc75cf vm-virtio: Implement Snapshottable trait for Console
d41ce90 vm-virtio: Implement Snapshottable trait for Pmem
f626bd6 build(deps): bump parking_lot_core from 0.7.1 to 0.7.2
5a380a6 vmm: memory_manager: Support non-power-of-2 block sizes
f8ee89a build(deps): bump arc-swap from 0.4.5 to 0.4.6
49322c5 vm-virtio: Implement the Snapshottable trait for Net
24c2b67 vm-virtio: Improve virtio-net rx queue processing
03dd249 vm-virtio: Restore queues based on used index
cf707da vm-virtio: Extend Queue helpers
c22fd39 vmm: Remove virtio device's userspace mapping on hot-unplug
0a97c25 vmm: Extend MemoryManager to remove userspace mappings
b2de1cd vm-virtio: Implement shutdown() for virtio-fs
fbcf3a7 vm-virtio: Implement userspace_mappings() for virtio-pmem
b035399 vm-virtio: Implement userspace_mappings() for virtio-fs
3fb0a02 vm-virtio: Get userspace mappings from VirtioDevice
8b823e5 build(deps): bump backtrace-sys from 0.1.35 to 0.1.36
c23b488 ci: Factorize virtio-fs hotplug integration tests
f68b08b tests: add integration tests for vm.add-fs route
18f7789 vmm: Add hotplugged virtio devices to the DeviceManager list
c2abadc vmm: Add ability to add virtio-fs device post-boot
bb2139a vmm/api: Add vm.add-fs route
d35e775 vmm: Update KVM userspace mapping when PCI BAR remapping
49cc73a vm-virtio: pci: Make sure to return the correct list of BARs
187b1ee vm-virtio: Implement the Snapshottable trait for Block
a484aa7 vm-virtio: Implement the Snapshottable trait for Rng
ac7178e vmm: Keep migratable devices list as a Vec
b6fdbf7 vm-virtio: Implement Snapshottable trait for MmioDevice
12fec55 vm-virtio: Add helpers to update queue indexes
fd45e94 vm-virtio: Add the ability to serialize a Queue
b7faf4f vhost_user_fs: Add the WRITE_KILL_PRIV write flag.
0870028 vhost_user_fs: Add the IOCTL_COMPAT_32 flag
592cfba vhost_user_fs: Add the EXPLICIT_INVAL_DATA capability flag
621ea83 vhost_user_fs: Add the ZERO_MESSAGE_OPENDIR capability flag
a2830da vhost_user_fs: Add the CACHE_SYMLINKS flag
926a414 vhost_user_fs: Add support for MAX_PAGES
747f31d vhost_user_fs: Add the ABORT_ERROR flag
5eb903a vhost_user_fs: Add support for FOPEN_CACHE_DIR
97e2d5d vhost_user_fs: Add support for CopyFileRange
b8cfdab pci: configuration: Use correct algorithm for BAR size reporting
9bd5ec8 pci, vfio, vm-virtio: Specify a PCI revision ID of 1 for virtio-pci
e7e0e8a vmm, devices: Add firmware debug port device
82d0cdf vhost_user_net: Simplify match values for handle_event()
a517be4 vhost_user_blk: Add multithreaded multiqueue support
13c8283 vhost_user_blk: Make everything private when possible
a31f5f8 vhost_user_blk: Move disk initialization to VhostUserBlkBackend
e78e34b vhost_user_blk: Make DiskFile sharable across threads
808586e vhost_user_blk: Simplify the code by removing VringWorker
ea82632 tests: Enhance test_pmem_hotplug to also unplug device
6389418 tests: Enhance test_disk_hotplug to also unplug device
f9a0445 vmm: vm: Remove device from configuration after unplug
444e5c2 vmm: device_manager: Generalise NoAvailableVfioDeviceName
5bab9c3 vmm: device_manager: Assign ids to pmem/net/disk devices if absent
514491a vmm: device_manager: Support unplugging virtio-pci devices
2fa652a vm-virtio: pci: Add virtio_device() accessor
476e4ce vmm: device_manager: Add virtio-pci devices into id to BDF map
b38470d vmm: config: Add "id" parameter to {Net, Disk, Pmem}Config
1beb62e vmm: vm: Don't panic on kernel load error
Fixes: kata-containers/runtime#2609
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Runtime must setup the network before moving itself into the cgroup, otherwise
it won't be able to get the vhost/net queues file descriptors for the
hypervisor.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Update sandbox's device cgroup before hotpluggin a device and after it has
been removed from the VM, this way the device cgroup in the host is
fully honoured and the hypervisor will have access only to the devices needed
for the sandbox, improving the security.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
All the code related to HasCRIContainerType is useless and no longer needed
since the CRIContainerType annotation is not considered for constraining or
not the sandbox
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Kata relies on the cgroup parent created and configured by the container
engine, but sometimes the sandbox cgroup is not configured and the container
may have access to all the resources, hence the runtime must constrain the
sandbox and update the list of devices with the devices hotplugged in the
hypervisor.
Fixes: kata-containers/runtime#2605
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
The hypervisor needs access to `/dev/vfio/vfio` to use VFIO devices.
Remove all devicemapper devices from the allowed list, the device cgroup
must be updated when before hotpluggin any device.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
add `AddDevice` and `RemoveDevice` to cgroup manager to allow adding
and removing devices from the device cgroup
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Add functions to convert a host device to a cgroup device or linux device,
the first one is used to update the device cgroup and the second one to
update the resources in the OCI spec.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
`GetHostPath()` method returns the device path in the host, this way the
runtime can get the device information for updating the sandbox's device
cgroup.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Hardcode the Cargo.lock file to prevent dependencies
change which would cause some compatible issues.
Fixes: #230
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Since the ttrpc upgraded with async supported, which isn't
compatible with current agent, thus it's better to change
the dependency to a stable branch.
Fixes: #229
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Only load runtime config when it is not set.
We do not expect a service's runtime config to change while
it is running.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
To use the kata-containers repo path.
Most of the change is generated by script:
find . -type f -name "*.go" |xargs sed -i -e \
's|github.com/kata-containers/runtime|github.com/kata-containers/kata-containers/src/runtime|g'
Fixes: #201
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
It is simply wrong to test kata-check within before sub commands
as it is NOT before at all. Besides it causes errors if kata is
not installed.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We should not use a plain unix socket reader to act as grpc
server. Place a really mock grpc server instead.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
It's better to check whether the sandbox's get_container
result instead of unwrap it directly, otherwise it would
crash the agent if the conainer id is invalid.
Fixes: #178
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
When kill a process, if the exec id is empty, then
it means to kill all processes in the container, if
the exec id isn't empty, then it will only kill the
specific exec process.
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Add the container id and exec id to start container's log
which would make it clearly to check the log.
Fixes: #173
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In the previous implementation, create a container process
by forking the parent process as the container process,
and then at the forked child process do much more setting,
such as rootfs mounting, drop capabilities and so on, at
last exec the container entry cmd to switch into container
process.
But since the parent is a muti thread process, which would
cause a dead lock in the forked child. For example, if one
of the parent process's thread do some malloc operation, which
would take a mutex lock, and at the same time, the parent forked
a child process, since the mutex lock status would be inherited
by the child process but there's no chance to release the lock
in the child since the child process only has a single thread
which would meet a dead lock if it would do some malloc operation.
Thus, the new implementation would do exec directly after forked
and then do the setting in the exec process. Of course, this requred
a data communication between parent and child since the child cannot
depends on the shared memory by fork way.
Fixes: #166Fixes: #133
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Adds a cmdline option to configure the stdout/stderr pipe sizes.
Uses `F_SETPIPE_SZ` to resize the write side of the pipe after
creation.
Example Cmdline option: `agent.container_pipe_size=2097152`
fixes#152
Signed-off-by: Alex Price <aprice@atlassian.com>
I add another sub-command `build-service` in Makefile to
generate rust-agent-related systemd service files, which
are necessary for building guest rootfs image.
The whole design is following the one in go-agent.
Fixes: #144
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
It's better to catch the error of couldn't find the process
in tty_win_resize service, other wise, an invalid process id
could crash the agent.
Fixes: #137
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This reverts commit a3e46a369f.
There is still problem with static link, built binary will
segmentfault on clearlinux. So revert this patch for now.
Depends-on: github.com/kata-containers/tests#2293
Fixes: #69
Signed-off-by: Yang Bo <bo@hyper.sh>
Since the codes in logging.rs is weakly related to the project,
separating it from the project will reduce coupling and make it reusable.
Fixes: #131
Signed-off-by: Tim Zhang <tim@hyper.sh>
It should restore to it's previous cwd after it
create container in which it would change it's
cwd to container's bundle path.
Fixes: #126
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
To check is the oci spec passed in, other wise,
it would crash the agent unwrap it directly.
Fixes: #124
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
add oci compatibility test case for src/agent/oci/src/lib.rs
follow by Open Container Initiative Runtime Specification
Fixes: #118
Signed-off-by: quanweiZhou <quanweiZhou@linux.alibaba.com>
When using default cc linker, we will have segfault.
Debugging with `rust-gdb`, the specific error is as follows:
src/string/memcpy.c: No such file or directory.
Only changing linker with `aarch64-linux-musl-gcc`, the
`rust-agent` could be totally statically linked and run successfully.
Fixes: #107
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The __addtf3, __subtf3 and __multf3 symbols are used by aarch64-musl,
but are not provided by rust compiler-builtins.
For now, the only temporary but functional workaround accepted by rust
communities is to get them from libgcc.
Fixes: #107
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
These are the unit tests for the sandbox struct. This is the summary
of the most important changes:
- To test containers it was needed to create a `LinuxContainer` type
and this requires root privileges. So, some tests now requires root
user to be run.
- There was a bug in the `unset_sandbox_storage` method. The return
type was wrapped in a `Result` to avoid this problem.
Fixes: #50
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
1) pass reference instead of value when possible.
2) simplify code.
3) rename get_device_pci_address() as get_pci_device_address() to keep
consistency get_pci_device_name().
4) refine get_device_name() for maintenance.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Function set_sandbox_storage() is designed to return true when the
reference count drops from 1 to 0. But current implementation always
return true no matter the reference count is, which may cause removing
an in use mountpoint.
Fixes: #88
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Refine uevent.rs for better maintenance:
1) use dedicated function to handle uevents.
2) use dedicated function to handle blk add events.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Improve loger implementation by:
1) avoid unnecessary clone() operations.
2) change Arc<Mutex<slog::Level>> to Mutex<slog::Level>. We should use
atomic<usize> instead of Mutex<slog::Level> for better performance here.
But with slog_async::Async drainer in the pipeline, RuntimeLevelFilter
drainer will only get from a single-thread context, so keep it as is.
3) minor syntax cleanups.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
It's should use string.eq() to match option's
key words exactly instead of using string.starts_with()
for single key options and for "key=value" options it's
bettet to match "key=" instead of "key" with string.starts_with()
which would match wrongly such as passed options "agent.log_vsock"
which would match "agent.log" with string.starts_with()
and trigger parsing issues.
Fixes: #96
Signed-off-by: lifupan <lifupan@gmail.com>
When call "C" func directly, it's needed to change the string to
CString. To avoid using the unsafe calling, replace it with the
rust safe function to set mode for a file/dir.
Signed-off-by: lifupan <lifupan@gmail.com>
Once parsed cmdline and set the config on AGENT_CONFIG,
release the write lock as soon as possible. In case other
thread would get read lock on it.
Fixes:#87
Signed-off-by: lifupan <lifupan@gmail.com>
This patch adds a unit test for `namespace.rs`. The baseline for this
test comes from the Go agent tests in which the namespace is mounted in
a temporary folder.
In order to enable testing in the temporary folder the code was refactored
allow configuration for the specified namespace, thus the changes done
are described below:
- The `setup_persistent_ns` method was moved inside the `Namespace` type.
- A builder pattern was implemented for the `Namespace` type. This allows
the caller to set the type of the desired namespace as well as the root
folder which will help the testing.
- A new `NamespaceType` enum was introduced to represent the namespace type.
- The user of the `Namespace` type (sandbox.rs) was updated accordingly.
Fixes: #50
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
When kata-agent run as init process in initrd, do the
init in which will do some base mount such as mount
/proc; thus the following config.parse_cmdline can access
/proc/cmdline to parse the parameters such as agent.log etc.
Fixes: #85
Signed-off-by: lifupan <lifupan@gmail.com>
The CI was failing due to two problems.
1. The `ci/static-checks.sh` was run from an incorrect place.
2. `rustfmt` was failing as some code wasn't correctly formatted.
This patch address all the changed requested by rustfmt and the
`static-checks.sh` script was updated
Fixes: #83
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
This adds an option to the agent to control the hotplug timeout of block devices.
Retains the previous behaviour of defaulting to 3 seconds if not specified.
Can be increased when block device hot plugging is taking longer than expected.
fixes#62
Signed-off-by: Alex Price <aprice@atlassian.com>
The `skip_*` macros will be useful across the different tests so having
them in a separate module can help with code duplication. This change
creates a new module and exports the macros at crate level.
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
Fixes to allow the rust agent to be built using a gnu target.
Specifically, remove assumptions about musl-specific types.
Fixes: #70.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Since build with --release produces corrupted binary in ci, we removed
--release. However, the make install target cannot find the binary,
set BUILDTYPE to debug
Fixes: #67
Signed-off-by: Yang Bo <bo@hyper.sh>
The get_key_value method is currently only avaiable in nightly rust.
As only this feature is required it worth to refactor and enable building
in the stable channel.
The method was removed by first getting the value from the CGROUPS hashmap,
then key is get by iterating over all the keys. The checks for an empty key and
key == "devices" were moved out of the hashmap block.
The README.md was updated as well to detail the instructions for stable rust.
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
Create a config module and add more tests. Also enable setting the log
level from the kernel command-line.
Fixes: #59, #63.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
