The guest Linux kernel might try to access the serial port, and in case
the serial is "off", this might cause some slowness because the port is
not emulated at all. Problem is, when the port is not emulated, the
default value when reading the I/O port will be 0, which has a special
meaning in case of the serial port. It means there is some data ready
to be read, which the kernel might try to read for some time, causing
global system slowness.
That's why it's safer to use "null" by default as this means the serial
port will be emulated but anything written to it will be redirected to
/dev/null.
Fixes #2437
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

Arm CI failed on the following error:
Gopkg.lock is out of sync:
github.com/opencontainers/runc/libcontainer/system:
imported or required, but missing from Gopkg.lock's input-imports.
Fixes: #2434
Signed-off-by: Penny Zheng <penny.zheng@arm.com>

Recently, ARM CI frequently failed on the following golint error:
Error: pkg/rootless/rootless.go:57:2: comment on exported var
`IsRootless` should be of the form `IsRootless ...` (golint)
Fixes: #2434
Signed-off-by: Penny Zheng <penny.zheng@arm.com>

Since the code in logging.rs is weakly related to the project,
separating it from the project will reduce coupling and make it reusable.
Fixes: #131
Signed-off-by: Tim Zhang <tim@hyper.sh>

The error raised by toGrpc() mentions Firecracker instead of
mockHypervisor, which is incorrect; the fromGrpc() functions
right above it gets this right.
Fixes: #2424
Signed-off-by: Andrea Bolognani <abologna@redhat.com>

Do not ignore ipv6 addresses and routes. These are now processed
along with ipv4 addresses/routes. Add unit tests to verify ipv6.
Fixes #147
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>

libcontainer already has an API to detect if the runtime is running rootless.
Use libcontainer API instead of reinventing the wheel.
fixes #2415
Signed-off-by: Julio Montes <julio.montes@intel.com>

Update agent client to improve CI stability.
Changes:
660e61f Revert: client.go: HybridVSockDialer: Change Read EOT to recv peek
6cfb75d Revert: client.go: HybridVSockDialer: Check return size n of unix.Recvfrom
54eb918 Revert: client.go: HybridVSockDialer: Close dup fd after receive packet
2f49115 agent: Fix mem-hotplug on x86 when ARCH_MEMORY_PROBE is set
Fixes: #2397
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>

This commit adds qemu virtio-mem support.
Then qemu can use virtio-mem to support memory resize.
To enable this function, you need a Linux and a qemu that support
virtio-mem.
Use the command "echo 1 > /proc/sys/vm/overcommit_memory" to enable memory
overcommitment of the Linux kernel, because the qemu virtio-mem device needs
to allocate a lot of memory.
Set "enable_virtio_mem" of kata configuration to true.
Fixes: #2406
Signed-off-by: Hui Zhu <teawater@antfin.com>

The sandbox cgroup will be constrained if there is no container
type annotation, otherwise kata will rely on container engine's cgroup
configuration
Depends-on: github.com/kata-containers/tests#2255
fixes #2408
Signed-off-by: Julio Montes <julio.montes@intel.com>

Add DOCKER_RUNTIME variable to change container runtime depending on the
CI/environment.
fixes #397
Signed-off-by: Julio Montes <julio.montes@intel.com>

In Container#mountSharedDirMounts, if sandbox.storeSandboxDevices() returns an error, we should detach the device.
Fixes #2301
Signed-off-by: Ted Yu yuzhihong@gmail.com

It should restore its previous cwd after it
creates a container, in which it would change its
cwd to the container's bundle path.
Fixes: #126
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>

Check whether the OCI spec is passed in; otherwise,
unwrapping it directly would crash the agent.
Fixes: #124
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>

Leaving nsdax behind may create some issues for the distro packages
of kata-osbuilder, as every package would have to take care of purging
the file on each distro.
Knowing that, we better remove the file as part of the script, mainly
because the file is already regenerated every time in any case.
Fixes: #394
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

ioutil.TempFile creates a new temporary file in the directory dir.
It is the caller's responsibility to remove the file
when no longer needed.
Fixes: #2398
Signed-off-by: Penny Zheng <penny.zheng@arm.com>

Normally, ioutil.TempDir will create a new temporary
dir under /tmp.
And we should clean up after ioutil.TempDir().
Fixes: #2398
Signed-off-by: Penny Zheng <penny.zheng@arm.com>

os.Exit will skip all deferred instructions.
So we should reconstruct TestMain to leave all setup-related
code in setup(), and all cleanup-related code in shutdown().
Fixes: #2398
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
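
The pattern from the three test-cleanup commits above (temporary files, temporary directories, and os.Exit skipping deferred calls), as an added Go example that is not code from the kata-containers repository. `runSuite`, `exists` and the `vc-test-` prefix are hypothetical names; `os.MkdirTemp` and `os.CreateTemp` are the current standard-library equivalents of `ioutil.TempDir` and `ioutil.TempFile`.

```go
package main

import (
	"fmt"
	"os"
)

// setup creates the scratch directory the suite shares ("vc-test-" is a constructed prefix).
func setup() (string, error) { return os.MkdirTemp("", "vc-test-") }

// shutdown removes the directory and every temp file created under it.
func shutdown(dir string) error { return os.RemoveAll(dir) }

// exists reports whether path is still present on disk.
func exists(path string) bool {
	_, err := os.Stat(path)
	return err == nil
}

// runSuite holds what used to be TestMain's body. run stands in for
// (*testing.M).Run. Because shutdown completes before the exit code is
// returned, the caller's os.Exit has nothing left to skip.
func runSuite(run func(dir string) int) (code int, dir string, err error) {
	if dir, err = setup(); err != nil {
		return 1, "", err
	}
	code = run(dir)
	if err = shutdown(dir); err != nil {
		return 1, dir, err
	}
	return code, dir, nil
}

func main() {
	// In a test binary: func TestMain(m *testing.M) { code, _, _ := runSuite(...); os.Exit(code) }
	code, dir, err := runSuite(func(dir string) int {
		f, ferr := os.CreateTemp(dir, "cfg-") // temp file lives inside dir
		if ferr != nil {
			return 1
		}
		f.Close()
		return 0
	})
	fmt.Printf("code=%d err=%v leaked=%v\n", code, err, exists(dir))
	os.Exit(code)
}
```
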
`HookState` was removed from libcontainer, fortunately it was an alias for
`specs.State`, use `specs.State` instead.
Signed-off-by: Julio Montes <julio.montes@intel.com>

Reimplement `setupSandboxCgroup` to support cgroupsV2 and systemd cgroups
using libcontainer instead of containerd/cgroups.
As an initial effort to support these cgroups, `sandbox_cgroup_only` must
be set to `true` in configuration file.
fixes #2350
Signed-off-by: Julio Montes <julio.montes@intel.com>

Move `validCgroupPath` to `cgroups.go` since it's cgroups specific.
Now `validCgroupPath` supports systemd cgroup path and returns a cgroup path
ready to use, calls to `renameCgroupPath` are no longer needed.
Signed-off-by: Julio Montes <julio.montes@intel.com>

systemd parameter is no longer needed since `isSystemdCgroup` function
can be used to know if the cgroup path is a systemd cgroup path.
Signed-off-by: Julio Montes <julio.montes@intel.com>

Add function to create a new cgroup manager depending on the cgroups path and
if the runtime is running rootless.
Signed-off-by: Julio Montes <julio.montes@intel.com>

Add function to identify if the given cgroup path is a systemd
cgroup path.
We need to parse the cgroup path to know which cgroup manager we have to use,
since some container engines do not use `--systemd-cgroup` runtime option.
Signed-off-by: Julio Montes <julio.montes@intel.com>