acpi is enabled for kata 1.x, port and rebase code for 2.x
including:
runtime: enable pflash;
agent: add acpi support for pci bus path;
packaging: enable CONFIG_RTC_DRV_EFI;
Fixes: #1317
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
We should create the container's cgroup under the system's
cgroup default path such as "/sys/fs/cgroup/<sub system>",
instead of under the kata-agnet's process's cgroup path,
which would under the systemd's cgroup such as
"/sys/fs/cgroup/systemd/system.slice/kata-agent.service"
Fixes: #1319
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Include on the terms glossary some words about the agent init as
later on README its explain how the agent can be switched between
systemd and init.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This patch fixed the security issue if the container images has
unsafe symlink to the container rootfs and hackers can be exploit
this symlink to hack the guest system. e.g. make directory or files
on guest.
CVE-2015-3629
Fixes: #1219
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
Changed the user-visible urls to point to the right Kata Containers
files/repositories.
Fixes#234
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
To avoid hitting quota limit on docker.io, this changes the Fedora
and CentOS dockerfiles to pull the image from the projects registries.
Fixes#1324
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Highlights for cloud-hypervisor version v0.12.0 include: removal of
`vhost-user-net` and `vhost-user-block` self spawning, migration of
`vhost-user-fs` backend, ARM64 enhancements with full support of
`--watchdog` for rebooting, and enhanced `info` HTTP API to include the
details of devices used by the VM including VFIO devices.
Fixes: #1315
Signed-off-by: Bo Chen <chen.bo@intel.com>
According to runtime-spec:
The poststart hooks MUST be invoked by the runtime. If any poststart
hook fails, the runtime MUST log a warning, but the remaining hooks
and lifecycle continue as if the hook had succeeded
Fixes: #1252
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
According to runtime-spec:
The poststop hooks MUST be invoked by the runtime. If any
poststop hook fails, the runtime MUST log a warning, but
the remaining hooks and lifecycle continue as if the hook
had succeeded.
Fixes: #1252
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
The osbuilder scripts include a bunch of code for installing cmake, even
though cmake is never invoked. versions.yaml claims it's needed to build
grpc-rs, but that doesn't appear to be in our dependency graph.
Presumably, we used to need this, but don't any more. So, remove all cmake
references.
Fixes#1309
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Qemu config alredy use vanilla kernel build for virtiofs.
Lets make cosisntent the usage of kernel.
Depends-on: github.com/kata-containers/tests#3172
Fixes: #1302
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Stable and candidate snapcraft's channels are used to release Kata
Containers 1.x and 2.x respectively. Alpha and RC releases shouldn't
be pushed to the snap store because there are not enough channels
for all the releases of Kata Containers 1.x and 2.x.
fixes#1303
Signed-off-by: Julio Montes <julio.montes@intel.com>
This PR updates the ubuntu version from 18.04 to 20.04 that will be
used for the github actions.
Fixes#1295
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This patch integrates new netlink module routines with the agent (mainly
replaces calls to old netlink module with the new one).
Fixes: #1294
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This PR adds new netlink module (based on `rtnetlink` crate), so we don’t have to
write a low level code to interact with netlink sockets, but use a high level API.
As a side effect, `rtnetlink` crate got full IPv6 support, so it fixes#1171Fixes: #1294
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Support pmem-csi[1] k8s pluging, unlike SCSI and virtio devices,
NVDIMM/PMEM devices support DAX, improving IO Read and Write
operations.
fixes#1289
Signed-off-by: Julio Montes <julio.montes@intel.com>
[1]: https://github.com/intel/pmem-csi
Got:
find . -type f -name "*.rs" | egrep -v "target/|grpc-rs/|protocols/" | xargs rustfmt --check
error[E0670]: `async fn` is not permitted in the 2015 edition
This commit fixes this issue.
Signed-off-by: Tim Zhang <tim@hyper.sh>
There were still issues. Tested in fork, verified environment variable
passing works as before now.
Fixes: #1273
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
