We don't really require nested nor unrestricted_guest to run. And there
is no point validating host cpu properties in UT.
Fixes: #1508
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Current approach cannot work for shimv2 as there is no kata-shim thus
sandbox.state.pid is always -1. Let's just simplify things by always
making a container share pidns if it has a pidns path.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When used builtin proxy, it's better to config the proxy
debug based on debug setting of runtime in kata configuration.
Fixes:#1495
Signed-off-by: lifupan <lifupan@gmail.com>
Depending of the linux versions some namespaces are supported or not.
To avoid failures running containers and unit tests in old linux kernels,
only the supported namespaces should be used.
Depends-on: github.com/kata-containers/tests#1414
fixes#228
Signed-off-by: Julio Montes <julio.montes@intel.com>
cri-o was moved to a new organization. The new URL
of the project is https://github.com/cri-o/cri-o
Update URL references.
Fixes: #1478.
Depends-on: github.com/kata-containers/tests#1409
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
We have hit an issue using trusty in travis and go 1.11.7
the issue is fixed using xenial.
Fixes: #1492.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
- doc: update architecture.md link
- VMCache: check if vm_cache_endpoint file exists before VMCache server…
- vsock: Pass info about vsock being used or not to the agent.
- qemu: fix qemu leak when failed to start container
- hypervisor: return cpu->threadID mapping
- tests: do cleanUp() always in the end
- cgroups: remove duplicate fields from state
- shimv2: optionally plug rootfs block storage instead of mounting it
- linter: remove deadcode linter check for generic item
- virtcontainers: firecracker: disable ACPI
- config: validate proxy path
- lint: Change go linter from gometalinter to golangci-lint
- Factory: Fix fake return value issue on creating template
- config: Add config flag "experimental"
- Add more build targets
- Update collect script for dax nvdimm images
- Allow data collection to be hidden
- config: Make VMCache can work with vsock
- ci: check curl before use it
- virtcontainers: improve security and mount the rootfs as read-only fs
- refactor: improve readability of `bumpAttachCount`
57b103a vsock: Pass info about vsock being used or not to the agent.
fb64a3e doc: update architecture.md link
b6f382e VMCache: check if vm_cache_endpoint file exists before VMCache server runs
dd6d1e4 fc: return vcpu thread info properly
6fda03e hypervisor: make getThreadIDs return vcpu to threadid mapping
ad697cc vendor: add prometheus/procfs dependency
0e2be42 vendor: fix containerd/cgroups dependency
52c66d2 shimv2: plugin the block backed rootfs directly instead of mount it
628ea46 virtcontainers: change container's rootfs from string to mount alike struct
c0aedeb virtcontainers: firecracker: disable ACPI
096fa04 qemu: fix qemu leak when failed to start container
2e5194e linter: remove deadcode linter check for generic item
dca7a6f config: validate proxy path
dd6e8eb tests: do cleanUp() always in the end
ad7d9b7 cgroups: remove duplicate fields from state
f442876 lint: Update go linter from gometalinter to golangci-lint.
5d761ce scripts: Handle images with a DAX/NVDIMM header
bdf6b2d scripts: Handle missing partitions in collect script
ad228e3 build: Add missing targets to show-usage
e6a7091 build: Allow runtime to be built+installed without shim
206ffc6 build: Don't build the runtime when building shim binary
639e827 config: Make VMCache can work with vsock
aec0d26 ci: check curl before use it
9b73900 katautils: mask systemd-random-seed
6498466 virtcontainers: improve security and mount the rootfs as read-only fs
26a9b72 refactor: improve readability of `bumpAttachCount`
5a271f0 scripts: Allow data collection script output to be hidden
4f34a54 scripts: Refactor collect script
eadf977 Factory: Fix fake return value issue on creating template
da80c70 config: enhance Feature structure
111774c config: add docs for experimental
050f03b config: Add config flag "experimental"
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
We need to change the constraints of kata agent into the memory-hotplug
related commit, to keep track of the revisons in kata agent.
Fixes: #1149
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
we need to notify guest kernel about memory hot-added event via probe interface.
hot-added memory deivce should be sliced into the size of memory section.
Fixes: #1149
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If kata-runtime supports memory hotplug via probe interface, we need to reconstruct
memoryDevice to store relevant status, which are addr and probe. addr specifies the
physical address of the memory device, and probe determines it is hotplugged via
acpi-driven or probe interface.
Fixes: #1149
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
In order to support memory hotplug via probe interface in kata-runtime,
firstly, we need to verify whether guest kernel is capable of that.
Fixes: #1149
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Instead of the agent trying to determine if a serial
or vsock channel is used, pass this information explicitly
as a kernel command line option.
Fixes#1457
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
There is an issue that more than one VMCache server can run with same
vm_cache_endpoint file together.
The cause is factory try to remove vm_cache_endpoint file before VMCache
server runs.
Change it to check if vm_cache_endpoint file exists before VMCache server
runs to handle the issue.
Fixes: #1385
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Gopkg.lock says it's "dbea6f2bd41658b84b00417ceefa416b979cbf10"
but it is actually "5017d4e9a9cf2d4381db99eacd9baf84b95bfb14".
We need to make sure Gopkg.lock does not lie otherwise `dep ensure`
would really fetch the locked revision and it causes build failure
due to API changes.
Introduced by: 76d9db3e0b (vendor: Add github.com/gogo/protobuf).
While at it, constraint containerd/cgroups to a working revision.
Fixes: #1447
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When the container's rootfs is block storage backed such as devmapper,
shimv2 will not mount it on the host, instead it insert it into hypervisor
as a block device directly.
If kata's config set "disable_block_device_use" as true, it will mount
the rootfs onto host as before.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
container's rootfs is a string type, which cannot represent a
block storage backed rootfs which hasn't been mounted.
Change it to a mount alike struct as below:
RootFs struct {
// Source specify the BlockDevice path
Source string
// Target specify where the rootfs is mounted if it has been mounted
Target string
// Type specifies the type of filesystem to mount.
Type string
// Options specifies zero or more fstab style mount options.
Options []string
// Mounted specifies whether the rootfs has be mounted or not
Mounted bool
}
If the container's rootfs has been mounted as before, then this struct can be
initialized as: RootFs{Target: <rootfs>, Mounted: true} to be compatible with
previous case.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
