Current working directory is a process level resource. We cannot call
chdir in parallel from multiple threads, which would cause cwd confusion
and result in UT failures.
The agent code itself is correct that chdir is only called from spawned
child init process. Well, there is one exception that it is also called
in do_create_container() but it is safe to assume that containers are
never created in parallel (at least for now).
Fixes: #782
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Set enable_debug_console=true in Kata's congiguration file,
runtime will pass `agent.debug_console`
and `agent.debug_console_vport=1026` to agent.
Fixes: #245
Signed-off-by: bin liu <bin@hyper.sh>
This only allows some whitelists files bind mounted under proc
and prevent other malicious mount to procfs.
Fixes: #807
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
The latest release of cloud-hypervisor v0.10.0 contains the following
updates: 1) `virtio-block` Support for Multiple Descriptors; 2) Memory
Zones; 3) `Seccomp` Sandbox Improvements; 4) Preliminary KVM HyperV
Emulation Control; 5) various bug fixes and refactoring.
Note that this patch updates the client code of clh's HTTP API in kata,
while the 'versions.yaml' file was updated in an earlier PR.
Fixes: #789
Signed-off-by: Bo Chen <chen.bo@intel.com>
This patch add fall-back code path that builds cloud-hypervisor static
binary from source, when the downloading of cloud-hypervisor binary is
failing. This is useful when we experience network issues, and also
useful for upgrading clh to non-released version.
Together with the changes in the tests repo
(https://github.com/kata-containers/tests/pull/2862), the Jenkins config
file is also updated with new Execute shell script for the clh CI in the
kata-containers repo. Those two changes fix the regression on clh CI
here. Please check details in the issue below.
Fixes: #781
Fixes: https://github.com/kata-containers/tests/issues/2858
Signed-off-by: Bo Chen <chen.bo@intel.com>
This PR includes these changes:
- use Rust installed by Travis
- install x86_64-unknown-linux-musl
- install rustfmt
- use Travis cache
- delete ci/install_vc.sh
Fixes: #748
Signed-off-by: bin liu <bin@hyper.sh>
Use the relative path of kata-deploy to replace the 1.x packaging url in
the kata-deploy/README.md file. Fixed the path issue, producted by
creating new branch.
Fixes: #777
Signed-off-by: Ychau Wang <wangyongchao.bj@inspur.com>
Be more verbose about podman configuration in the output of the data
collection script: get the system configuration as seen by podman and
dump the configuration files when present.
Fixes: #243
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
1. Until we restore docker/moby support, we should use crictl as
developer example.
2. Most of the hyperlinks should point to kata-containers repository.
3. There is no more standalone mode.
Fixes: #767
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Fix the kata-pkgsync tool's docs, change the download path of the
packaging tool in 2.0 release.
Fixes: #773
Signed-off-by: Ychau Wang <wangyongchao.bj@inspur.com>
Add unit tests for finish_root, read_only_path and mknod_dev
increasing code coverage of mount.rs
fixes#284
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use conditional compilation (#[cfg]) to change chroot behaviour
at compilation time. For example, such function will just return
`Ok(())` when the unit tests are being compiled, otherwise real
chroot operation is performed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Use conditional compilation (#[cfg]) to change pivot_root behaviour
at compilation time. For example, such function will just return
`Ok(())` when the unit tests are being compiled, otherwise real
pivot_root operation is performed.
Signed-off-by: Julio Montes <julio.montes@intel.com>
