Include on the terms glossary some words about the agent init as
later on README its explain how the agent can be switched between
systemd and init.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This patch fixed the security issue if the container images has
unsafe symlink to the container rootfs and hackers can be exploit
this symlink to hack the guest system. e.g. make directory or files
on guest.
CVE-2015-3629
Fixes: #1219
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
Changed the user-visible urls to point to the right Kata Containers
files/repositories.
Fixes#234
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
To avoid hitting quota limit on docker.io, this changes the Fedora
and CentOS dockerfiles to pull the image from the projects registries.
Fixes#1324
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
According to runtime-spec:
The poststart hooks MUST be invoked by the runtime. If any poststart
hook fails, the runtime MUST log a warning, but the remaining hooks
and lifecycle continue as if the hook had succeeded
Fixes: #1252
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
According to runtime-spec:
The poststop hooks MUST be invoked by the runtime. If any
poststop hook fails, the runtime MUST log a warning, but
the remaining hooks and lifecycle continue as if the hook
had succeeded.
Fixes: #1252
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Stable and candidate snapcraft's channels are used to release Kata
Containers 1.x and 2.x respectively. Alpha and RC releases shouldn't
be pushed to the snap store because there are not enough channels
for all the releases of Kata Containers 1.x and 2.x.
fixes#1303
Signed-off-by: Julio Montes <julio.montes@intel.com>
yq major releases are not backward compatible, install the same
major version used in the CI to avoid conflics building the kata
components.
We should update yq when the CI updates it, not before.
fixes#1232
Signed-off-by: Julio Montes <julio.montes@intel.com>
- volume cleanup, RO blk device support
- Backport to stable-2.0 branch
- [stable 2.0] backport VFIO fixes
- [backport] snap: fix snap release channel
- [backport] snap: add GH actions jobs to release the snap package
- backport fixes to stable-2.0.0
- Backport: Backport doc changes from 2.0 dev
e4cea92a blk-dev: hotplug readonly if applicable
0590fedd volumes: cleanup / minor refactoring
6b666899 vendor: revendor govmm from intel to kata-containers
65ae1271 runtime: clh: update cloud-hypervisor
9bc6fe6c runtime: clh: disable virtiofs DAX when FS cache size is 0
349d496f versions: Update cloud-hypervisor to release v0.11.0
60050264 rootfs: Fix indentation inside a switch
91b43a99 rootfs: apparmor=unconfined is needed for non Red Hat host OSes
2478b8f4 rootfs: Always add SYS_ADMIN, CHROOT, and MKNOD caps to docker cmdline
499aa24d rootfs: Don't fallthrough in the docker_extra_args() switch
1edb7fe7 rustjail: fix the issue of sync read
607a892f rustjail: fix the issue of bind mount /dev
26f176e2 rustjail: allow network sysctls
3306195f agent: Avoid container stats panic caused by cgroup controller non-exist
a7568b52 agent: Clean up commented use declarations
e6d68349 agent: Fix temp prefix on Namespace::test_setup_persistent_ns
1f943bd6 agent: Return error on trying to persist a pid namespace
9a41d09f shimv2: Avoid double removing of container from sandbox
8fdb85e0 jail/validator: avoid unwrap() for safety
49516ef6 rustjail: add more context info for errors
21fad464 oci: fix two incompatible issues with OCI spec
b745e5ff agent: consume ttrpc crate from crates.io
40316f68 qemu: no state to save if QEMU isn't running
35b619ff oci: fix a typo in "addtionalGids"
662e8db5 agent/sandbox: Don't update cpuset when ncpus = 0
9117dd40 runtime/network: Fix error reporting in listRoutes()
fce14f36 runtime/network: Correct error reporting in listInterfaces()
0fd70f7e rootfs-builder: add support for gentoo
4727a9c3 rootfs: reduce size of debian image
7ab8f62d runtime: Allow to overwrite DESTDIR
7e92833b packaging: Make qemu/apply_patches.sh common
14b18b55 packaging/qemu: Delete the temporary container
1dde0de1 packaging/qemu: Build and package completely in the container
d4c1b768 packaging/qemu: Add QEMU_DESTDIR argument to dockerfiles
3c36ce81 rootfs-builder: add functions to run before and after the container
c9d4e2c4 agent-ctl: Add void "install" target
5fadc5fc trace-forwarder: Add void "install" target
5f887506 snap: fix snap release channel
7526ee93 snap: add GH actions jobs to release the snap package
21ed9dc2 agent: update proto file copyright
5f1520bd agent: generate proto files properly
e30bd673 agent-ctl: update cargo.lock
78df4a0c runtime: remove the unused proto files
7daf9cff agent: move gogo.proto out of the github.com namespance
293be9d0 agent: types.pb.go is not regenerated
84e1a34f agent/protocols: Move agent.proto out of the mock folder of agent
cf56307e agent/protocols: Fix copyright header checking
359f76d2 agent/protocols: Stop generate agent proto files in the shellscript
ca8f1399 agent/protocols: Ignore generated files and remove these files from repo
0bb559a4 agent/protocols: Generate proto files programmatically
4ca4412f docs: fix spell check
3d80c848 docs: Update how-to Readme with hypervisor information.
f0fdc8e1 docs: Update Readme to remove hypervisor information
e53645ec docs: Remove docs for nemu
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Update cloud-hypervisor to commit 2706319.
Fixes a limitation in OpenAPITools/openapi-generator tool,
it's impossible to send go zero types, like false and 0 to
cloud-hypervisor because `omitempty` is added if a field is not
required.
See cloud-hypervisor/cloud-hypervisor#1961 for more information
Signed-off-by: Julio Montes <julio.montes@intel.com>
Guest consumes 120Mb more of memory when DAX is enabled and the default
FS cache size (8G) is used. Disable dax when it is not required
reducing guest's memory footprint.
Without this patch:
```
7fdea4000000-7fdee4000000 rw-s 18850589 /memfd:ch_ram (deleted)
Size: 1048576 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 187876 kB
```
With this patch:
```
7fa970000000-7fa9b0000000 rw-s 612001 /memfd:ch_ram (deleted)
Size: 1048576 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 57308 kB
Pss: 56722 kB
```
fixes#1100
Signed-off-by: Julio Montes <julio.montes@intel.com>
The release v0.11.0 of cloud-hypervisor features the following changes:
1) Improved Linux Boot Time, 2) `SIGTERM/SIGINT` Interrupt Signal,
Handling 3) Default Log Level Changed, 4) `io_uring` support by default
for `virtio-block` (on host kernel version 5.8+), 5) Windows Guest
Support, 6) New `--balloon` Parameter Added, 7) Experimental
`virtio-watchdog` Support, 8) Bug fixes.
Fixes: #1089
Signed-off-by: Bo Chen <chen.bo@intel.com>
This is not needed for Fedora, RHEL, and CentOS, but it is required when
using any other host OS. Having --security-opt apparmor=unconfined used
unconditionally is a no go as it'd break podman.
The reason this was only added when building for SUSE (as target distro)
was because debian and ubuntu condition would fall-through the switch to
the suse case (which makes me think that the fall-through was not
accidental).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Falling through the switch cases in docker_extra_args() looks like a
typo and causes issues when building with podman, as `--security-opt
apparmor=unconfinded" shouldn't be passed if Apparmor is no enable on
the system.
Fixes: #1241
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
It should check the read count and return an
error if read count didn't match the expected
number.
Fixes: #1233
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In case the container rootfs's /dev was overrided
by binding mount from another directory, then there's
no need to create the default devices nodes and symlinks
in /dev.
Fixes: #692
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
The network ns is shared with the guest skip looking for it
in the spec
Fixes: #1228
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Return SingularPtrField::none() instead of panic when getting stats
from cgroup failed caused by cgroup controller missing.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Wrong prefix on the created temp directory on the test_setup_persistent_ns
for uts namesmpace type test.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
An pid namespace cannot be persisted, so add a check-and-error on
Namespace::setup() for handling that case.
Fixes#1220
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
RemoveContainerRequest results in calling to deleteContainer, according
to spec calling to RemoveContainer is idempotent and "must not return
an error if the container has already been removed", hence, don't
return error if the error reports that the container is not found.
Fixes: #836
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
The first incompatible issue is caused by a typo, "swapiness" should
be "swappiness". The second incompatible issue is caused by a serde
format. The struct LinuxBlockIODevice is introduced for convenience,
but it also changes serialized data, so "#[serde(flatten)]" should
be used for compatibility with OCI spec.
Fixes: #1211
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
On pod delete, we were looking to read files that we had just deleted. In particular,
stopSandbox for QEMU was called (we cleanup up vmpath), and then QEMU's
save function was called, which immediately checks for the PID file.
Let's only update the persist store for QEMU if QEMU is actually
running. This'll avoid Error messages being displayed when we are
stopping and deleting a sandbox:
```
level=error msg="Could not read qemu pid file"
```
I reviewed CLH, and it looks like it is already taking appropriate
action, so no changes needed.
Ideally we won't spend much time saving state to persist.json unless
there's an actual error during stop/delete/shutdown path, as the persist will
also be removed after the pod is removed. We may want to optimize this,
as currently we are doing a persist store when deleting each container
(after the sandbox is stopped, VM is killed), and when we stop the sandbox.
This'll require more rework... tracked in:
https://github.com/kata-containers/kata-containers/issues/1181Fixes: #1179
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
When receiving an OnlineCpuMemory RPC, if the number of CPUs to be
made available is 0, then updating the cpusets is a redundant operation.
Fixes: #1172
Signed-off-by: Maruth Goyal <maruthgoyal@gmail.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
If the upcast from resultingRoutes to *grpc.IRoutes fails, we return
(nil, err), but previous code ensures that err is nil at that point, so we
return no error.
fixes#1206
Forward port of
0ffaeeb5d8
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
If the upcast from resultingInterfaces to *grpc.Interfaces fails, we
return (nil, err), but previous code ensures that err is nil at that
point, so we return no error.
Forward port of
b86e904c2dfixes#1206
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Improve Kata Containers memory footprint by reducing debian
image size.
Without this change:
Debian image -> 256MB
With this change:
Debian image -> 128MB
Note: this change *will not* impact ubuntu image.
fixes#1188
Signed-off-by: Julio Montes <julio.montes@intel.com>
On runtime/Makefile the value of DESTDIR is set to "/", unless one
pass that variable as an argument to `make`. This change will
allow its overwrite if DESTDIR is exported in the environment as
well.
Fixes#1182
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Moved the qemu/apply_patches.sh to the common scripts directory and
refactor it so that it can be used as a generic and consistent way
to apply patches.
Fixes#1014
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
It is used a temporary container to pull the QEMU tarball out
of the build image, but this container is never deleted. This
will ensure it gets deleted after its execution.
Fixes#1168
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
