- snap: Fix yq error in build
- storage: cleanup and support read only block dev hotplug
- rootfs: Don't fallthrough in the docker_extra_args() switch
- github: Add github actions
- shimv2: Avoid double removing of container from sandbox
- Agent: return error on trying to persist a pid namespace and minor improvements
- rustjail: allow network sysctls
- rustjail: fix the issue of sync read
- rustjail: fix the issue of bind mount /dev
- qemu: no state to save if QEMU isn't running
- packaging/qemu: Build and package completely inside the container
- agent: upgrade cgroups to 0.2.0
- agent: Simplify .or_else() to .or()
- Fix error reporting in listInterfaces() and listRoutes()
- improve rustjail validator
- Add void "install" targets for both "trace-forwarder" and "agent-ctl"
- [forwardport] Add support for Gentoo
- oci: fix a typo in "addtionalGids"
- Don't update cpusets if no CPUs changed closes#1172
- rootfs: reduce size of debian image
- runtime: Allow to overwrite DESTDIR
- snap: fix snap release channel
- Don't leak fd when reseeding rng
- Fixes for make generate-protocols
- docs: Fix docs in docs/architecture.md
- docs: Update the Cloud Hypervisor description in virtualization.md
- agent: exit from exec hangs if background process is present
- [forwardport] install: Improve snap documentation
- handle vcpus properly utilized in the guest
- docs: fix the custom agent binary file path for creating initrd image
- shimv2: handle ctx passed by containerd
- runtime: clh: Enforce to call 'cleanupVM' for 'stopSandbox'
- agent: Adjust OOM Score to avoid agent being killed.
- [forward port] cli: make check subcommand more tolerant to failures
- docs: add link to VMT on top level README
- rustjail: fork a new child process to change the pid ns
- rustjail: remove the network ns validation against container
- snap: update apps section
- runtime: don't wait the second shim process in shim start
- agent: create pci root Bus Path for arm64
- agent: enable lto flag for Cargo to get better optimized code
- virtcontainers: revert CleanupContainer from PR 1079
- docs: Create hypervisor summary document
- Add hyperlink and fix typo
- versions: Use CRI-O v1.18.4-4-g6dee3891e
- runtime: change configuration key name from EnablePprof to enable_pprof
- runtime: delete sandboxlist.go and sandboxlist_test.go
- versions: Use release-1.18 (commit ee9128444bec10)
- runtime: clh: disable virtiofs DAX when FS cache size is 0
- release: Fix release candidate to major version upgrade check
- runtime: sleep 1 second after GetOOMEvent failed
- Agent: README updates for build on ppc64le
- runtime: clean/refactor code
- Forward port annotation doc
- versions: Update cloud-hypervisor to release v0.11.0
- docs: Add instructions for enabling VM templating
- Revert "version: revert back to crio 1.8.3"
- Dump guest memory when kernel panic for QEMU
- clh: Consolidate the code path for device unplug
- agent: Log ttrpc messages
- annotations: Improve asset annotation handling
- runtime: readonly volume should be bind mounted readonly on the host
- docs: Fix incorrect docs in config file
- CI: Fix incorrect URL
- docs: Update top-level README
- versions: Update crio version
- runtime: cloud-hypervisor: reduce memory footprint
- agent: Improve unit test coverage for src/sandbox.rs
- rustjail: fix the issue of create thread failed causing current thread panic
- Improve unit test coverage for rustjail/container.rs
- agent: Update build instructions
- cli: Provide aliases for kata-* subcommands and options
- runtime: Restore QEMUVIRTIOFSPATH variable in Makefile
- Use apply_patches.sh in qemu and kernel scripts
- clean up agent proto files
- agent: fixes the permissions of PID 1's STDIO
- Feature/1004 add version for kata monitor
- agent: Generate proto files programmatically
- runtime: Fix firecracker config
- docs: remove the 1.x version description about shim and proxy
- arm64: correct bridge type for QEMUVIRT
- snap: add GH actions jobs to release the snap package
- agent: clear clippy warnings
- agent: simplify ttrpc error construction
- Replace @RUNTIME_NAME@ with the target in generated files
- 2.0 update doc for hypervisor related information
- virtcontainers: Append max_ports to virtio-serial device
- snap: install libseccomp-dev
- runtime: set virtio-fs as default fs sharing method
- VirtioFS: backports & default settings to improve performance
- tools: Make agent-ctl support more APIs
- Validate runtime annotations
- kernel: update to 5.4.71
- config: make virtio-fs part of standard kernel
- agent: Optimize error handling
- versions: Update Kubernetes, containerd, cri-o and cri-tools
- agent: fix crashers if API requests empty
- rustjail: add length check for uid_mappings in rootless euid mapping
- kata-monitor: use regexp to check if runtime is kata containers
- docs: update the build kata containers kernel document
- cgroup and cpuset fixes from 1.x
- docs: Update upgrading guide
- agent: fix panic on malformed device resource in container update
- Forward port device conflict fixes from Kata 1 / Go agent
- docs: Add containerd install guide
- agent: simplify codes
- agent: fix errorneous parsing for guest block size
- agent: use macro to simplify parse_cmdline function in config.rs
- fix arm CI
- packaging: fix missing cloud_hypervisor_repo
- docs: Add crictl example json files
- ci: snap: add event filtering
- agent: do not follow link when mounting container proc and sysfs
- agent-ctl: include cargo lock updates
- agent: set init process non-dumpable
- runtime: Clear the VCMock 1.x API Methods from 2.0
- virtiofs: Disable DAX
- docs: Update docs for enabling agent debug console
- Remove compilation warnings
- osbuilder: Create target directory for agent
- versions: add plugins section
- snap: specify python version
- packaging: fix image build script
- Main packaging fixups
- clh: Support VFIO device unplug
- ci: add github action to test the snap
- docs: update networking description
- docs: update dev guide for agent build
- rust-agent: Update README
- docs: update architecture.md
- runtime: add support for SGX
- version: upgrade qemu version to v5.1.0 for arm64
- agent: Fix OCI Windows network shared container name typo
- github: Remove issue template and use central one
- docs: fix broken links
- Packaging: release notes script using error kernel path urls
- rust-agent: Replaces improper use of match for non-constant patterns
- devices: fix go test warning in manager_test.go
- action: Allow long lines if non-alphabetic
- Indicates never return function and remove unreachable code
- agent: propagate the internal detail errors to users
- Update Installation Guide to better reflect the current state of the project
- ci: fix clone_tests_repo function
- agent: Set LIBC=gnu for ppc64le arch by default
- fc: integrate Firecracker's metrics
- Fix to qemu experimental and improvements
- ci: resurrect travis static checkers
- agent: fix UT failures due to chdir
- agent: Only allow proc mount if it is procfs
- kata 2.0: add debug console service
- runtime: Call s.newStore.Destroy if globalSandboxList.addSandbox
- shimv2: add a comment in checkAndMount()
- osbuilder: specify default toolchain verion in rust-init
- runtime: Update CLH client pkg to version v0.10.0
- agent/oci: Don't use deprecated Error::description() method
- runtime: Fix linter errors in release files
- packaging: Build from source if the clh release binary is missing
- runtime: add podman configuration to data collection script
- ci: use Travis cache to reduce build time
- agent: update cgroups crate
- docs: Update the reference path of kata-deploy in the packaging
- runtime: make kata-check check for newer release
- how-to: add privileged_without_host_devices to containerd guide
- agent: Unit tests for rustjail/mount.rs
- docs: Fix the kata-pkgsync tool's docs script path
- Fix developer guide
- fix guest panic when running agent as init
- packaging: update version file url for kata 2.0 in Makefile
- Fix release notes
789fd7c1 blk-dev: hotplug readonly if applicable
12777b26 volumes: cleanup / minor refactoring
fbc1d123 vendor: revendor govmm
6cc1920c snap: Fix yq error in build
b329a74f rootfs: Fix indentation inside a switch
8879f9a0 rootfs: apparmor=unconfined is needed for non Red Hat host OSes
bbeebcdb rootfs: Always add SYS_ADMIN, CHROOT, and MKNOD caps to docker cmdline
90ec2fa8 rootfs: Don't fallthrough in the docker_extra_args() switch
ebd9fcc2 actions: Run static checks before make agent
0d3736d5 rustjail: fix the issue of sync read
0dc02f6d rustjail: fix the issue of bind mount /dev
894fa42a rustjail: allow network sysctls
d4cd2554 agent: Avoid container stats panic caused by cgroup controller non-exist
157e055f agent: upgrade crate cgroups to 0.2.0
e3ec1d50 agent: Simplify .or_else() to .or()
14e7042c agent: Clean up commented use declarations
5fe5b321 agent: Fix temp prefix on Namespace::test_setup_persistent_ns
3a891d4e agent: Return error on trying to persist a pid namespace
5c464018 shimv2: Avoid double removing of container from sandbox
b366af93 jail: add more test cases for validator
d38a5d3f jail/validator: introduce helpers to reduce duplicated code
76ad3213 jail/validator: avoid unwrap() for safety
51fd624f rustjail: add more context info for errors
9321e1b2 oci: fix two incompatible issues with OCI spec
406a91ff agent: consume ttrpc crate from crates.io
9a7bcccc qemu: no state to save if QEMU isn't running
6181570c oci: fix a typo in "addtionalGids"
a5372e00 github: Add github actions
4af5beda agent/sandbox: Don't update cpuset when ncpus = 0
e004616b runtime/network: Fix error reporting in listRoutes()
1ae8e81a runtime/network: Correct error reporting in listInterfaces()
a19263e5 agent/protocols: Remove unneeded import from oci.proto
a19cf28c agent/protocols: Remove some unnecessary include directives from protoc
2b452090 agent/protocols: Remove some unneeded dependencies for protocol generation
b36c9ea3 docs: Fix docs in docs/architecture.md
3db1c805 agent: Don't leak fd when reseeding rng
8ac93f65 rootfs-builder: add support for gentoo
9897238f rootfs: reduce size of debian image
d47122e9 docs: Update the Cloud Hypervisor description in virtualization.md
10e9bfc6 runtime: Allow to overwrite DESTDIR
f740032c packaging/qemu: Delete the temporary container
e5c710e8 packaging/qemu: Build and package completely in the container
4c3377de packaging/qemu: Add QEMU_DESTDIR argument to dockerfiles
faed2369 rootfs-builder: add functions to run before and after the container
8e5603e6 snap: fix snap release channel
8f538935 install: Improve snap documentation
1ca415d8 agent: exit from exec hangs if background process is present
a00f7c34 docs: fix the custom agent binary file path for creating initrd image
0155fe12 shimv2: handle ctx passed by containerd
a793b8d9 agent: update cpuset of container path
705182d0 agent: ignore updating cpuset error when update cgroups
647331ac runtime: clh: Enforce to call 'cleanupVM' for 'stopSandbox'
e684a541 docs: add link to VMT on top level README
68f66c51 agent-ctl: Add void "install" target
5e407758 trace-forwarder: Add void "install" target
70f198d7 cli: check modules and permissions before loading a module
cb684cf8 cli: don't fail if rate limit is exceeded
9216f2ad rustjail: fork a new child process to change the pid ns
3b08376c rustjail: remove the network ns validation against container
c388ec5b runtime: don't wait the second shim process in shim start
d6acc4c0 agent: enable lto flag for Cargo to get better optimized code
13a8e4e3 snap: update apps section
fdbf7d32 virtcontainers: revert CleanupContainer from PR 1079
91a390f0 docs: Create hypervisor summary document
3eeb25a1 docs: Tidied up virtualisation summary table
8ec3cf08 docs: Adding hyperlink to virtio-net in kata documentation 2.0
b5b67db8 docs: Fixing typo in virtualization.md file
4d46d0f0 versions: Use CRI-O v1.18.4-4-g6dee3891e
53b5d063 agent: Adjust OOM Score to avoid agent being killed.
14a21c3a runtime: change configuration key name from EnablePprof to enable_pprof
4e3a8c01 runtime: remove global sandbox variable
29020394 runtime: delete sandboxlist.go and sandboxlist_test.go
9b88a96b versions: Use release-1.18 (commit ee9128444bec10)
36f65ce1 runtime: clh: update cloud-hypervisor
e1396f04 runtime: clh: disable virtiofs DAX when FS cache size is 0
8f38265b release: Fix release candidate to major version upgrade check
2e0bf40a tests: Ensure semver build metadata is ignored
4024a827 release: Make error format string consistent
cb0e6094 runtime: sleep 1 second after GetOOMEvent failed
4c78814b docs: Fix pre-existing spelling mistakes caught by the CI
6c083d94 docs: Add a link to document describing how to use annotations
d67921a2 docs: Document restricted annotations
1fc7b764 docs: Repair inconsistencies between 2.0 and 1.x
21801a11 versions: Revert "version: revert back to crio 1.8.3"
b8414045 runtime: remove nsenter
e3510be8 runtime: use one line if statement to check if err is nil for qemu.go
378308e2 docs: Add instructions for enabling VM templating
92c1c4c6 versions: Update cloud-hypervisor to release v0.11.0
8907a339 agent: Only show ttrpc logs for trace log level
21cd7ad1 agent: Log ttrpc messages
286eebf0 agent: Add env var to set log level
b9c6db4b agent: Add env var tests
705e9955 agent: Add env var comment
5ced96e9 hypervisor: Remove unused methods
e82c9dae annotations: Improve asset annotation handling
0f26f1cd annotations: Add missing hypervisor control annotation
76064e3e asset: Formatting, grammar and whitespace
40418f6d runtime: add geust memory dump
ff13bde3 version: revert back to crio 1.8.3
6c2fc233 agent: create pci root Bus Path for arm64
a958eaa8 runtime: mount shared mountpoint readonly
125e21ce runtime: readonly mounts should be readonly bindmount on the host
5f0abc20 CI: Fix incorrect URL
b6f8a1d5 docs: Fix incorrect docs in config file
93d79625 clh: Consolidate the code path for device unplug
18a22459 Agent: README updates for build on ppc64le
655f2649 Agent: README updates for build on ppc64le
62c7e094 docs: Remove credits
679df0fb docs: Update top-level README
dfe364f8 Agent: README updates for build on ppc64le
77b50969 runtime: cloud-hypervisor: reduce memory footprint
2e1a8f0a agent: Improve unit test coverage for src/sandbox.rs
87848e87 versions: Update crio version
172d015e rustjail: fix the issue of create thread failed causing thread panic
9e93463b agent/rustjail: improve unit test coverage for rustjail/container.rs
ad4f7b86 agent/rustjail: make mount and umount2 public
926a6186 agent/rustjail: fix typo
8130d9b2 agent/rustjail: don't use unwrap in container::oci_state
5d111071 rustjail: add mock implementation for cgroup manager
e3eff0eb agent: Update build instructions
0896ce80 agent: update proto file copyright
6e9ca457 agent: generate proto files properly
837343f0 agent-ctl: update cargo.lock
b3166618 runtime: remove the unused proto files
54e23c83 agent: move gogo.proto out of the github.com namespance
583e6ed3 agent: types.pb.go is not regenerated
bb19fcb9 docs: Update documentation with new subcommand forms
d2fe7091 cli: Use new subcommand forms in kata-manager script
4d9ab0cd cli: Support new subcommand forms in bash completion
c5d355e1 cli: Remove `kata-` prefix from env and check subcommands
f134b4a3 agent: Update build instructions
9e9988df agent/protocols: Move agent.proto out of the mock folder of agent
e90aa7b4 agent: fixes the permissions of PID 1's STDIO
b9b281e7 packaging: Use apply-patches.sh in build-kernel.sh
163e6104 packaging: Make qemu/apply_patches.sh common
d4cf3057 packaging: qemu/apply_patches.sh should sort the patches
5b065eb5 runtime: change govmm package
9cb41507 agent/protocols: Fix copyright header checking
0d58d919 agent/protocols: Stop generate agent proto files in the shellscript
7559382b agent/protocols: Ignore generated files and remove these files from repo
fdc33fb7 agent/protocols: Generate proto files programmatically
f1c3bf6b runtime: let kata-collect-data.sh collect kata-monitor info
993a8da3 kata-monitor: add version subcommand
4ee78120 runtime: Restore QEMUVIRTIOFSPATH variable in Makefile
df4ce9fa ci: add `cargo clippy` for agent
2e138788 agent: clear match_like_matches_macro/vec_resize_to_zero warnings
227edfdc agent: clear module_inception/type_complexity warnings
698d25b7 agent: clear redundant_field_names clippy warning
4dd9bd7a agent: clear clippy `len_zero` warnings
bf7dec5c agent: clear clippy warnings
56f867ee rustjail: clear clippy warnings
16757ad4 oci: clear clippy warnings
f32f49bd logging: clear clippy warnings
5b079a3b snap: add GH actions jobs to release the snap package
2738b18b runtime: Fix firecracker config
e5d4259a runtime: Simplify make variables for clh
9eab3015 arm64: correct bridge type for QEMUVIRT
b88aac04 docs: Update how-to Readme with hypervisor information.
d6464117 docs: Update Readme to remove hypervisor information
b4f9fb51 docs: Remove docs for nemu
96a4ed7d Makefile: Replace @RUNTIME_NAME@ with the target in generated files
7159fc2e agent: simplify ttrpc error construction
0f894986 snap: install libseccomp-dev
9a351509 package: drop qemu-virtiofs shim
6ed669a1 packaging: install virtiofsd for normal qemu build as well
da79b4be virtcontainers: Append max_ports to virtio-serial device
bcf48530 runtime: enable virtiofs by default
e2221d34 tools: Improve agent-ctl README
2d1f2c7b kernel: update to 5.4.71
d3c98620 config: make virtio-fs part of standard kernel
edf02af1 tools: Make agent-ctl support more APIs
56201803 tools: Remove commented out code in agent-ctl
9bac4ee6 tools: Log request in agent-ctl tool if debug enabled
68821f08 tools: Rename agent-ctl command to GetGuestDetails
8553f062 tools: Fix comment in agent-ctl
6ba294a1 agent: remove `unwrap()` for `e.as_errno()`
e77482fe agent: Use `?` instead of `match` when the error returns directly
1b7ed328 kata-monitor: use regexp to check if runtime is kata containers
47ff2fb9 agent: use anyhow `context` to attach context to `Error` instead of `match`
2f690a2b agent: remove useless match
1d8def66 agent: Use `ok_or_else` instead of match for Option -> Result
84953066 agent: Fix crasher if AddARPNeighbors request empty
3d084c7d agent: Fix crasher if UpdateRoutes request empty
5615e5a7 agent: Fix crasher if UpdateInterface request empty
0dce817e agent: replace `match Result` with `or_else`
7bf4073d agent: replace unnecessary `match Result` with `map_err`
7f9e5913 agent: replace check! with map_err for readability
09aca49e agent: remove `check!` in child process because we cant' see logs.
a18899f1 agent: refactor namespace::setup to optimize error handling
a3c64e5c agent: replace `if let Err` with `or_else`
6ffa8283 agent: replace `if let Err` with `map_err`
863f918a rustjail: add length check for uid_mappings in rootless euid mapping
720eab78 versions: Update Kubernetes, containerd, cri-o and cri-tools
c5771be2 annotations: Correct unit tests to validate new protections
398d7918 annotations: Split addHypervisorOverrides to reduce complexity
b2b3bc7a annotations: Add unit test for checkPathIsInGlobs
6f52179c annotations: Add unit test for regexpContains function
966bd573 makefile: Add missing generated vars to `USER_VARS`
be6ee255 makefile: Improve names of config entries for annotation checks
b1194274 annotations: Give better names to local variabes in search functions
b5db114a annotations: Rename checkPathIsInGlobList with checkPathIsInGlobs
d65a7d10 config: Add better comments in the template files
7c6aede5 config: Whitelist hypervisor annotations by name
f047fced config: Use glob instead of regexp to match paths in annotations
11b9c90c annotations: Fix typo in comment
c16cdcb2 config: Add makefile variables for path lists
4e89b885 config: Protect file_mem_backend against annotation attacks
aae9656d config: Protect vhost_user_store_path against annotation attacks
55881653 config: Add security warning on configuration examples
b21a829c config: Protect ctlpath from annotation attack
27b6620b config: Protect jailer_path annotation
07669017 config: Add examples for path_list configuration
2d431c61 annotations: Simplify negative logic
2ca9ca89 config: Add hypervisor path override through annotations
2e093dfd config: Fix typo in function name
bf13ff0a config: Protect virtio_fs_daemon annotation
8c75de19 config: Add 'List' alternates for hypervisor configuration paths
fc6468ef agent: fix panic on malformed device resource in container update
d8a8fe47 cpuset: don't set cpuset.mems in the guest
88cd7128 sandbox: consider cpusets if quota is not enforced
77a463e5 cpuset: support setting mems for sandbox
2d690536 cpuset: add cpuset pkg
1a9515a9 runtime: Pass `--thread-pool-size=1` to virtiofsd
1c528cd1 packaging: Apply virtiofs performance related fixes to 5.x
5b520003 docs: Update upgrading guide
0e0564a5 docs: update the build kata containers kernel document
ae6b8ec7 agent/device: Check type as well as major:minor when looking up devices
859301b0 agent/device: Index all devices in spec before updating them
2477c355 agent/device: Forward port update_spec_device_list() unit test
08d80c1a agent/device: update_spec_device_list() should error if dev not found
12cc0ee1 sandbox: don't constrain cpus, mem only cpuset, devices
b6cf68a9 cgroups: add ability to update CPUSet
b812d4f7 virtcontainers: add method for calculating cpuset for sandbox
f63f7405 agent: fix errorneous parsing for guest block size
43d70a32 docs: Add containerd install guide
11c1ab8b agent: use ok_or/map_err instead of match
6b9f9915 rustjail: use Iterator to manipulate vector elements
a7251651 docs: remove the 1.x version description about shim and proxy
dc1442c3 rustjail: delete codes commented out
aa04111d rustjail: delete unused test code
eae685dc agent: use chain of Result to avoid early return
5e3d1fb6 agent: add blank lines between methods
980e48ca agent: delete unused field in agentService
52b821fa agent: use no-named closure to reduce codes
82e94501 packaging: fix cloud-hypervisor binary path
b1f95e8d agent: use a local fn to reduce duplicated codes
154a356a packaging: apply qemu v5.1 stable fixes
c781a808 agent: fix aarch64 build
906b3844 agent: update not accurate comments
78318c18 packaging: fix missing cloud_hypervisor_repo
b7309943 agent: use macro to simplify parse_cmdline function in config.rs
9834a766 docs: add namespace key to pod/container config files
37e7de72 ci: snap: add event filtering
9a02e6eb docs: Add crictl example json files
b7147eda agent: do not follow link when mounting container proc and sysfs
15b71563 agent: set init process non-dumpable
00ad3fd3 agent-ctl: include cargo lock updates
8cd62d7b versions: add plugins section
c4472481 virtiofs: Disable DAX
3e56de81 snap: specify python version
e3cdc89b osbuilder: Create target directory for agent
7cad865d packaging: fix image build script
0e898c6b rust-agent: Treat warnings as error
0e4baaab rust-agent: Identify unused results in tests
5b2b5652 rust-agent: Log returned errors rather than ignore them
d617caf1 rust-agent: Remove unused imports
ee739c5d rust-agent: Report errors to caller if possible
d5b492a1 rust-agent: Ignore write errors while writing to the logs
c635c46a rust-agent: Remove unused code that has undefined behavior
ec24f688 rust-agent: Remove 'mut' where not needed
c8f406d4 rust-agent: Remove uses of deprecated functions
f832d8a6 rust-agent: Remove or rename unused parameters
5a1d3311 rust-agent: Remove or rename unused variables
27efe291 rust-agent: Remove unused functions
d76ece0c rust-agent: Remove useless braces
3682812e rust-agent: Remove unused macros
483209bf actions: add kata deploy test
07930024 packaging: cleaning, updating based on new filepaths
f0f205cd packaging: remove obs-packaging
4b1753c5 packaging: pull versions, build-image out from obs dir
3f6cd4d5 packaging: Revert "packaging: Stop providing OBS packages"
c33ee54a clh: Support VFIO device unplug
1f4dfa31 clh: Remove unnecessary VmmPing
cc80ae0a versions: cloud-hypervisor: Bump to version 6d30fe05
0fec7a4d docs: Change kata_tap0 to tap0_kata
3394a6a5 docs: update networking description
2e83f405 dev-guide: update kata-agent install details
ffea705a docs: Update docs for enabling agent debug console
777f3981 docs: update dev guide for agent build
aa8eefd8 ci: add github action to test the snap
ea1cb37b versions: cloud-hypervisor: bump version
0ebffdf2 runtime: cloud-hypervisor: tag openapi-generator-cli container
e51a1ea3 docs: use-cases: Add Intel SGX use case
7d638231 runtime/vendor: add k8s.io/apimachinery/pkg/api/resource
6df165c1 runtime: add support for SGX
a5b3e1cd docs: drop docker installation guide
6c4300c6 docs: fix static check errors in docs/install/README.md
59224a76 docs: update architecture.md
a89deb3e rust-agent: Update README
80c52834 github: Remove issue template and use central one
0ccbca3b agent: Fix OCI Windows network shared container name typo
a6221a74 qemu: upgrade qemu version to 5.1.0 for arm64.
f30b86f1 Packaging: release notes script using error kernel path urls
a7faeaac docs: fix broken links
4501c25a agent: propagate the internal detail errors to users
1984e635 ci: fix clone_tests_repo function
02c1a59f agent: Set LIBC=gnu for ppc64le arch by default
7019e72c agent: remove unreachable code
942999ed agent: Change do_exec return type to ! because it will never return
757dfa70 fc: integrate Firecracker's metrics
b03d958e gitignore: ignore agent service file
64b4f698 agent: fix UT failures due to chdir
85d22301 runtime: fix TestNewConsole UT failure
e90e9a2c travis: skip static checker for ppc64
5611283e runtime: fix golint errors
daf2a54d agent: fix cargo fmt
c05c4ba5 ci: always checkout 2.0-dev of test repository
1569b3b3 docs: fix static check errors
df3119b6 runtime: fix make check
484a595f runtime: add enable_debug_console configuration item for agent
febdf8f6 runtime: add debug console service
07d339c7 devices: fix go test warning in manager_test.go
a4afe3af rust-agent: Replaces improper use of match for non-constant patterns
acaa806c agent: Only allow proc mount if it is procfs
ca501e54 osbuilder: specify default toolchain verion in rust-init.
03517327 action: Allow long lines if non-alphabetic
33513fb4 rustjail: make the mount error info much more clear
45b0b4ed agent/oci: Don't use deprecated Error::description() method
a34478ff runtime: Update cloud-hypervisor client pkg to version v0.10.0
ce675075 static-build/qemu-virtiofs: Refactor apply virtiofs patches
512b38cf packaging/qemu: Add common code to apply patches
edce2712 static-build/qemu-virtiofs: Fix to apply QEMU patches
86a864b8 packaging: Build from source if the clh release binary is missing
33585a8e runtime: Fix linter errors in release files
e3a0f9b3 ci: use export command to export envs instead of env config item
36ce7018 agent: update cgroups crate
3523167d runtime: Call s.newStore.Destroy if globalSandboxList.addSandbox
9e5a4b8b ci: use Travis cache to reduce build time
52984b67 docs: Update the reference path of kata-deploy in the packaging
eae21591 runtime: add podman configuration to data collection script
d1277848 how-to: add privileged_without_host_devices to containerd guide
98c4d11b docs: fix k8s containerd howto links
f107b12b docs: fix up developer guide for 2.0
9f2f5201 docs: Fix the kata-pkgsync tool's docs script path
96f8769a travis: enable RUST_BACKTRACE
cda7acf7 agent/rustjail: add more unit tests
98cc979a agent/rustjail: remove makedev function
b99fefad agent/rustjail: add unit tests for ms_move_rootfs and mask_path
d79fad2d agent/rustjail: implement functions to chroot
25c91afb agent/rustjail: add unit test for pivot_rootfs
7cf0fd95 agent/rustjail: implement functions to pivot_root
672da4d0 agent/rustjail: add unit test for mount_cgroups
ab61cf7f agent/rustjail: add unit test for init_rootfs
0a0714c9 agent/rustjail/mount: don't use unwrap
3dc9452b agent/rustjail: add tempfile crate as depedency
d756f52c rustjail: implement functions to mount and umount files
a02d1787 gitignore: ignore agent version.rs
b518ddea agent: fix agent panic running as init
1a77f69e runtime: make kata-check check for newer release
61181b9f packaging: use local version file for kata 2.0 in Makefile
e1c6aa27 docs: fix release process doc
1acfba4d packaging: fix release notes
1839dfd9 runtime: Clear the VCMock 1.x API Methods from 2.0
7225460a shimv2: add a comment in checkAndMount()
22ca2da6 packaging: Stop providing OBS packages
afa88c1b install: Add contacts to the distribution packages
3955cc89 install: Update information about Community Packages
218f77d7 install: Update SUSE information
2a0e76a8 install: Update openSUSE information
691f1364 install: Update RHEL information
270fc4b2 install: Update Fedora information
492b4e90 install: Update CentOS information
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
yq major releases are not backward compatible, install the same
major version used in the CI to avoid conflics building the kata
components.
We should update yq when the CI updates it, not before.
fixes#1232
Signed-off-by: Julio Montes <julio.montes@intel.com>
This reverts commit 6cc1920c37.
Instead of updating the syntax of yq, let's use yq 3.x, otherwise
yq must be updated in the CI and the syntax updated in all the
tools (osbuilder, packging).
Signed-off-by: Julio Montes <julio.montes@intel.com>
The snap build pulls the latest release of `yq`, but `yq` version 4
changed the CLI syntax for reading a YAML file.
Update the snap config file to use the new `yq` v4 syntax.
Fixes: #1232.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This commit includes minimal changes in order to switch to Tokio:
- Update protocol crate to generate async server code
- Adds async entry point to the Agent
- Updates agent services signatures in rpc.rs
Fixes: #1209
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This is not needed for Fedora, RHEL, and CentOS, but it is required when
using any other host OS. Having --security-opt apparmor=unconfined used
unconditionally is a no go as it'd break podman.
The reason this was only added when building for SUSE (as target distro)
was because debian and ubuntu condition would fall-through the switch to
the suse case (which makes me think that the fall-through was not
accidental).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Falling through the switch cases in docker_extra_args() looks like a
typo and causes issues when building with podman, as `--security-opt
apparmor=unconfinded" shouldn't be passed if Apparmor is no enable on
the system.
Fixes: #1241
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Run static checks prior to building the agent.Checks
fail if run after since the compilation process
produces new rust code.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
It should check the read count and return an
error if read count didn't match the expected
number.
Fixes: #1233
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In case the container rootfs's /dev was overrided
by binding mount from another directory, then there's
no need to create the default devices nodes and symlinks
in /dev.
Fixes: #692
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Return SingularPtrField::none() instead of panic when getting stats
from cgroup failed caused by cgroup controller missing.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Fixes: #1224
35ecd6f (origin/change-name, change-name) Update readme
eb6577e Change package name to cgroups-rs
8f6a7e0 Merge pull request #19 from Tim-Zhang/0.2.0
9baa065 (origin/0.2.0, 0.2.0) release: v0.2.0
e160df0 Make read_i64_from private and merge read_str_from to its caller
e1e05d3 Make new_with_relative_paths=new and load_with_relative_paths=new in v2
a89f4a0 Support set notify_on_release & release_agent
61a0957 Fix set_swappiness in cgroup v2
0592045 Ignore kmem in cgroup v2
c254fff Update readme
438d774 Fix test
42ee1ba Make Cgroup can be stored in struct
b6bb5ae docs: Hide Re-exports
d2882b1 Print cause when println!("{}")
abcb5ed Add more logs for create_dir error in controller.create
1f188be Detect subsystems and get root from /proc/self/mountinfo
fbd7164 Fix warnings in tests
f342254 Remove Box wrap of Cgroup.hire
cd998f3 Do not place cgroup under relative path read from cgroup by default
1ac76b6 Make function find_v1_mount pub
121f78d Expose deletion error
0f76570 Avoid exception caused by cgroup writeback feature
10650e2 Update tests to adapt new type of fields in resource
567cdb4 Use Option as resource fields, remove the update switch: update_values
0c18b08 Support customized attributes for CpuController and MemController
ca610bb add add_task_by_tgid
Signed-off-by: Tim Zhang <tim@hyper.sh>
get_bool_value() in src/agent/src/config.rs includes a Result::or_else()
call with a trivial closure which can be replaced by a Result::or. This
removes a clippy warning.
fixes#1201
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Wrong prefix on the created temp directory on the test_setup_persistent_ns
for uts namesmpace type test.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
An pid namespace cannot be persisted, so add a check-and-error on
Namespace::setup() for handling that case.
Fixes#1220
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
RemoveContainerRequest results in calling to deleteContainer, according
to spec calling to RemoveContainer is idempotent and "must not return
an error if the container has already been removed", hence, don't
return error if the error reports that the container is not found.
Fixes: #836
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
