oci.proto imports "google/protobuf/wrappers.proto", but doesn't appear to
use it, which causes a warning from protoc when we compile it. Remove the
import to fix the warning.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The generate_go_sources() function in update-generate-proto.sh adds a
number of include directives to the protoc command line. Some of these
don't appear to be necessary to correctly compile the agent's protocol
files, so remove them.
Amongst other things were directives pointing at the old Kata1 runtime and
agent repositories. Those ones could be actively harmful by causing odd
dependencies of the Kata2 build on the Kata1 repositories.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
src/agent/protocols/hack/update-generated-proto.sh checks for the presence
of protoc-gen-rust and ttrpc_rust_plugin, but it doesn't actually need
them. Those tools are needed to generate Rust code from the gRPC proto
files, but that's already handled in src/agent/protocols/build.rs using
Cargo for dependency management.
This script is only needed for the Go code, for which the other tools are
sufficient.
fixes#1198
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This PR wraps fd raw descriptor with File, so it'll be properly closed once exited.
Fixes: #1192
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This is the Rust porting of https://github.com/kata-containers/agent/pull/371
`read_stdout`/`read_stderr` is blocking rpc calls, if exec process
exited, these calls is on blocking state for reading on process's
term master fd, and can't get a chance to break the wait.
In this PR, `read_stdout`/`read_stderr` will not read directly from
a term master of a process, instead, it will first have to get
an fd to read from newly added `epoller.poll()`. `epoller.poll()` may returns:
- the term master fd of exec process, if the process is running.
- a fd(piped fd) will return EOF when reading to indicate that th process is exited.
Fixes: #1160
Signed-off-by: bin liu <bin@hyper.sh>
After cpu hot-plugged is available, cpuset for containers will be written into
cgroup files recursively, the paths should include container's cgroup path, and up
to root path of cgroup filesystem.
Fixes: #1156, #1159
Signed-off-by: bin liu <bin@hyper.sh>
The result of `cpuset_controller.set_cpus(&cpu.cpus)` is unwrapped,
this will lead creating container to fail if cpuset is set.
The sandbox's `CreateContainer` sequence is:
c, err := newContainer(s, &contConfig)
err = c.create()
c.sandbox.agent.createContainer(c.sandbox, c) (1)
err = s.updateResources()
oldCPUs, newCPUs, err := s.hypervisor.resizeVCPUs(sandboxVCPUs) (2)
cpuset only avaiable after `s.hypervisor.resizeVCPUs` has been called at (2),
and then cpuset is written to cgourps file.
Fixes: #1159
Signed-off-by: bin liu <bin@hyper.sh>
The main process do unshare pid namespace, the process
couldn't spawn new thread, in order to avoid this issue,
fork a new child process and do the pid namespace unshare
in the new temporary process.
Fixes: #1140
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Since kata containers shared the network ns with
the guest system, thus there's no need to do the
network ns check.
Fixes: #1047
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Under stress, the agent can be OOM-killed, which exists the sandbox.
One possible hard-to-diagnose manifestation is a virtiofsd crash.
Fixes: #1111
Reported-by: Qian Cai <caiqian@redhat.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Only display the `ttrpc` crate log output when full logging
(trace level) is enabled.
This is a slight abuse of log levels but provides developers and testers
what they need whilst also keeping the logs relatively quiet for the
default info log level (the `ttrpc` crate logging is a bit "chatty").
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `ttrpc` crate uses the `log` crate for logging. But the agent uses
the `slog` crate. This means that currently, all `ttrpc` log messages
are being discarded.
Use the `slog-stdlog` create to redirect `log` crate logging calls into
`slog` so they are visible in the agents log output.
Fixes: #978.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add support for a `KATA_AGENT_LOG_LEVEL` environment variable for testing.
This is the equivalent to the `agent.log=` kernel command line option.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
It's should catch the failed error of spawning a new thread, otherwise,
it would cause the current thread panic.
Fixes: #1034
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Only root is able to create and manipulate cgroups, this mock
implementation of a cgroup manager can used in unit testing.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Fix the instructions explaining how to build the agent from source now that make needs to be run to auto-generate some source files.
Fixes: #889.
Signed-off-by: LiYa'nan <oliverliyn@gmail.com>
Fix the instructions explaining how to build the agent from source now that make needs to be run to auto-generate some source files.
Fixes: #889
Signed-off-by: LiYa'nan <oliverliyn@gmail.com>
Because the repos have been merged and the agent repo will be removed in the future,
we do not need mock the file structure any more.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Fix the permissions of PID 1's STDIO within the container to
the specified user.
The ownership needs to match because it is created outside of the
container and needs to be localized.
Fixes: #1022
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
