This commit checks the size of "/dev/shm" for the sandbox container
which is then used to create the shared memory inside the guest.
kata agent then uses this size to set up a sandbox level ephemeral
storage for shm. The containers then simply bind mount this sandbox level
shm.
With this, we will now be able to support docker --shm-size option
as well have a shared shm within containers in a pod, since they are
supposed to be in the same IPC namespace.
Fixes#356
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Correct the document URLs which have gone stale.
The virtcontainers build status links have been moved to the top-level
README.
Fixes#376.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
CentOS and some versions of Ubuntu do not provide
bats in their default repository. This change installs
bats from sources.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
`.ci/setup.sh` is using dnf instead of yum to install
centos dependencies. This fixes it to use yum.
Fixes: #104.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
After building the images, perform a very basic test by configuring
the runtime to use them and creating a container.
Fixes#97.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The CPUinfo need to be refined in Arm architecture, because the
vendor and model of CPU may refer to different meaning in Arm architecture.
Besides, relevant contents extracted from /proc/cpuinfo may need to be
normalized for human-readability.
Fixes: #368
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Wei Chen <wei.chen@arm.com>
in old specs.Spec, Capabilities is [] string, but we don't use CompatOCISpec
for compatibility in kataAgent/createContainer.
fixes#333
Signed-off-by: y00316549 <yangshukui@huawei.com>
Instead of pausing the sanbox, this patch just pauses the container
allowing the communication with the agent. The communication with the agent
should be still possible even if all containers are paused, because of we don't
know when a new container can be created in the same sandbox.
Depends-on: github.com/kata-containers/agent#246
fixes#317
Signed-off-by: Julio Montes <julio.montes@intel.com>
Pause and resume container functions allow us to just pause/resume a
specific container not all the sanbox, in that way different containers
can be paused or running in the same sanbox.
Signed-off-by: Julio Montes <julio.montes@intel.com>
When a container is updated, those modifications are stored, to
avoid race conditions with other operations, a RW lock should be used.
fixes#346
Signed-off-by: Julio Montes <julio.montes@intel.com>
Since the vendoring included changes introducing PauseContainer
and ResumeContainer changes, fix the tests to satisfy the grpc api.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
k8s provides a configuration for sharing PID namespace
among containers. In case of crio and cri plugin, an infra
container is started first. All following containers are
supposed to share the pid namespace of this container.
In case a non-empty pid namespace path is provided for a container,
we check for the above condition while creating a container
and pass this out to the kata agent in the CreatContainer
request as SandboxPidNs flag. We clear out the PID namespaces
in the configuration passed to the kata agent.
Fixes#343
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Remove the rootfs tree before attempting to generate one to avoid
picking up any stale information if the function is run multiple times.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Moved the variable specifying the path to the osbuilder metadata file
to the top of the script and made it readonly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Some of the globals were set as read-only variables whilst others
weren't. However, they can all be read-only.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
