In order to support use cases such as containerd-shim-v2 where
we would have a long running process holding the sandbox pointer,
there would be no reason to call into the stateless function
ProcessListContainer(), which would recreate a new sandbox pointer
and the corresponding ones for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function KillContainer(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StopContainer(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StopSandbox(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to support use cases such as containerd-shim-v2 where we
would have a long running process holding the sandbox pointer, there
would be no reason to call into the stateless function StartSandbox(),
which would recreate a new sandbox pointer and the corresponding ones
for containers.
Fixes#903
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
golang.mk call yq to get golang_version_min but some environments do
not install it.
This patch check and install yq before use it to handle the issue.
Fixes#899
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Bind back the nic's MAC in HotDetach. So we don't need to modify
nic's MAC in description to hotplug it again.
Fixes: #894
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
If the rootfs is built with SECCOMP=yes environment
variable then include libseccomp package inside the
rootfs image. Else do not include it.
Fixes: #155
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
Use /snap/kata-containers/current as prefix on building but /usr on install.
This changes are needed to include all new kata components like netmon in the
final snap.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Without Real time clock the date could not work properly for Arm64.
fixes: #238
Change-Id: I5834a5e90dc648cc9599c50f259d5ae273052a39
Signed-off-by: Wei Chen <wei.chen@arm.com>
Refactor the config related codes into a separated
package which can be shared with other cli programs
such as kata's shimv2.
Fixes: #787Fixes: #714
Signed-off-by: fupan <lifupan@gmail.com>
This patch added -x option to curl: -x uses the http_proxy
settings to download golang binary behind the firewall
Fixes: #193
Signed-off-by: Leno Hou <lenohou@gmail.com>
Got "docker: Error response from daemon: OCI runtime create failed:
QMP command failed: unknown." when "docker run --privileged" with kata.
In qemu part, it got:
"Could not open '/dev/sr0': Read-only file system"
or
"No medium found"
The cause is qemu need open block device to get its status.
But /dev/sr0 is a CDROM that cannot be opened.
This patch let newContainer doesn't attach device if it is a CDROM
to handle the issue.
Fixes#829
Signed-off-by: Hui Zhu <teawater@hyper.sh>
When running test_images.sh, allow specific rootfs builds to
fail without impacting the overall tests results.
The distros allowed to fail are the ones specifying
BUILD_CAN_FAIL in their config.sh.
Fixes: #190
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Add the ability to trap a build error inside rootfs.sh, without
returning an error code.
Gating conditions (all of them are needed):
- GRACEFUL_EXIT shall be passed as env variable to rootfs.sh
- BUILD_CAN_FAIL shall be specified in the distro config.sh
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Now that Interface structure includes the useful information about
the type of interface, Kata does not need to do any assumption about
the type of interface that needs to be added.
Fixes#866
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
In order to provide the right information about the interface that
needs to be added, kata-netmon provisions the new field LinkType of
the Interface structure.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit replaces every place where the "types" package from the
Kata agent was used, with the new "types" package from virtcontainers.
In order to do so, it introduces a few translation functions between
the agent and virtcontainers types, since this is needed by the kata
agent implementation.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Instead of relying on the kata agent to define generic structures,
the logic is to define those as virtcontainers "types" package.
This way, all consumers of those structures, such as kata-runtime,
kata-netmon, and kata-containerd-shim, don't have to import some
dependency from the kata-agent.
Fixes#876
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.
Fixes: #875
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Instead of specifying a version for OVMF binary, this patch uses
a tiny script to retrieve the proper URL to download from.
Fixes#289
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
After we scan the netns, we should hotplug the network interface to
the guest after it is kicked off running.
Fixes: #871
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Check that the system golang version is new enough to build with
according to the data from the `versions.yaml` file.
Update the verions in the versions.yaml accordingly, and add a note
describing what the 'newest-version' item represents.
Note, we only do a minimum requirement check, and are not checking
against the 'newest-version' info from the yaml.
Fixes: #148
Inspired-by: Wei Zhang <zhangwei555@huawei.com>
Idea-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Install `yq` before running the tests.
The Makefile now uses `yq` to check the golang version against
the versions file.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
