github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-28 04:21:03 +00:00
Code Issues Projects Releases Wiki Activity
16,169 Commits 36 Branches 137 Tags 315 MiB
b43a61e2c8
Commit Graph

16169 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Xuewei Niu
b43a61e2c8
Merge pull request #11418 from microsoft/saulparedes/flag_secure_mount 
agent: add feature flag to secure_mount method
 2025-06-15 10:59:20 +08:00
Saul Paredes
cdfc9fd2d9 agent: add feature flag to secure_mount method 
This method is not used when guest-pull is not used.
Add a flag that prevents a compile error when building with rust version > 1.84.0 and not using guest-pull

Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
 2025-06-13 11:25:58 -07:00
Fabiano Fidêncio
6f0ea595b7
Merge pull request #11402 from microsoft/danmihai1/disable-nvdimm 
runtime: build variable for disable_image_nvdimm=true
 2025-06-13 16:35:57 +02:00
Dan Mihai
0f8e453518
Merge pull request #11412 from katexochen/rego-v1 
genpolicy: fix rules syntax issues, rego v1 compatibility; ci: checks for rego parsing
 2025-06-13 07:30:34 -07:00
Steve Horsman
707b8b8a98
Merge pull request #11374 from kata-containers/dependabot/cargo/src/dragonball/tracing-1900da1d01 
build(deps): bump the tracing group across 7 directories with 1 update
 2025-06-13 08:30:37 +01:00
dependabot[bot]
1e6962e4a8
build(deps): bump the tracing group across 7 directories with 1 update 
Bumps the tracing group with 1 update in the /src/dragonball directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/libs directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/agent-ctl directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/genpolicy directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/kata-ctl directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/runk directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/trace-forwarder directory: [tracing](https://github.com/tokio-rs/tracing).


Updates `tracing` from 0.1.37 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)

Updates `tracing` from 0.1.34 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)

Updates `tracing` from 0.1.37 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)

Updates `tracing` from 0.1.37 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)

Updates `tracing` from 0.1.40 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)

Updates `tracing` from 0.1.40 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)

Updates `tracing` from 0.1.29 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)

---
updated-dependencies:
- dependency-name: tracing
  dependency-version: 0.1.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
- dependency-name: tracing
  dependency-version: 0.1.41
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: tracing
- dependency-name: tracing
  dependency-version: 0.1.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
- dependency-name: tracing
  dependency-version: 0.1.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
- dependency-name: tracing
  dependency-version: 0.1.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
- dependency-name: tracing
  dependency-version: 0.1.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
- dependency-name: tracing
  dependency-version: 0.1.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-12 15:45:35 +00:00
Steve Horsman
6bdc0cf495
Merge pull request #11417 from kata-containers/sprt/revert-validate-ok-to-test 
Revert "ci: gha: Remove ok-to-test label on every push"
 2025-06-12 15:04:44 +01:00
Aurélien Bombo
5200034642 Revert "ci: gha: Remove ok-to-test label on every push" 
This reverts commit 2ee3470627.

This is mostly redundant given we already have workflow approval for external
contributors.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
 2025-06-12 08:40:06 -05:00
Paul Meyer
64906e6973 tests/static-checks: parse rego with opa and regorus 
Ensure rego policies in tree can be parsed using opa and regorus.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
 2025-06-12 14:59:39 +02:00
Paul Meyer
107e7dfdf6 ci/static-checks: install regorus 
Make regorus available for static checks as prerequisite for rego checks.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
 2025-06-12 14:59:39 +02:00
Steve Horsman
843655c352
Merge pull request #11411 from stevenhorsman/runk-users-crate-switch 
runk: Switch users crate
 2025-06-12 10:35:31 +01:00
Paul Meyer
71796f7b12 ci/static-checks: install opa 
Make open-policy-agent available for static checks as prerequisite for rego checks.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
 2025-06-12 10:46:43 +02:00
Paul Meyer
5baea34fff genpolicy/rules: rego v1 compatibility 
Migrate policy to rego v1.
See https://www.openpolicyagent.org/docs/v0-upgrade#changes-to-rego-in-opa-v10

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
 2025-06-12 10:46:43 +02:00
Fupan Li
7c1f8c9009
Merge pull request #10697 from Apokleos/no-sharefs 
runtime-rs: Support shared_fs = "none" for CoCo
 2025-06-12 11:48:00 +08:00
Fupan Li
a495dec9f4
Merge pull request #11305 from RuoqingHe/bump-rust-1.85.1 
versions: Bump Rust from 1.80.0 to 1.85.1
 2025-06-12 10:21:38 +08:00
Ruoqing He
26c7f941aa versions: Bump rust to 1.85.1 
As discussed in 2025-05-22's AC call, bump rust toolchian to 1.85.1.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
5011253818 agent-ctl: Bump ttrpc-codegen related dependencies 
Bump `ttrpc-codegen` related dependencies in response to `ttrpc-codegen`
bump in `libs/protocol`.

Relates: #11376

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
ba75b3299f dragonball: Fix clippy elided_named_lifetimes 
Manually fix `elided_named_lifetimes` clippy warning reported by rust
1.85.1.

```console
error: elided lifetime has a name
   --> src/vm/aarch64.rs:113:10
    |
107 |     fn get_fdt_vm_info<'a>(
    |                        -- lifetime `'a` declared here
...
113 |     ) -> FdtVmInfo {
    |          ^^^^^^^^^ this elided lifetime gets resolved as `'a`
    |
    = note: `-D elided-named-lifetimes` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(elided_named_lifetimes)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
1bbedb8def dragonball: Fix clippy repr_packed_without_abi 
Fix `repr_packed_without_abi` clippy warning as suggested by rust
1.85.1.

```console
error: item uses `packed` representation without ABI-qualification
   --> dbs_pci/src/msi.rs:468:1
    |
466 |   #[repr(packed)]
    |          ------ `packed` representation set here
467 |   #[derive(Clone, Copy, Default, PartialEq)]
468 | / pub struct MsiState {
469 | |     msg_ctl: u16,
470 | |     msg_addr_lo: u32,
471 | |     msg_addr_hi: u32,
472 | |     msg_data: u16,
473 | |     mask_bits: u32,
474 | | }
    | |_^
    |
    = warning: unqualified `#[repr(packed)]` defaults to `#[repr(Rust, packed)]`, which has no stable ABI
    = help: qualify the desired ABI explicity via `#[repr(C, packed)]` or `#[repr(Rust, packed)]`
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#repr_packed_without_abi
    = note: `-D clippy::repr-packed-without-abi` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::repr_packed_without_abi)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
e8be3c13fb dragonball: Fix clippy missing_docs 
Fix `missing_docs` clippy warning as suggested by rust 1.85.1.

```console
error: missing documentation for an associated function
    --> src/device_manager/mod.rs:1299:9
     |
1299 |         pub fn new_test_mgr() -> Self {
     |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     |
     = note: `-D missing-docs` implied by `-D warnings`
     = help: to override `-D warnings` add `#[allow(missing_docs)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
ceff1ed98d dragonball: Fix clippy needless_lifetimes 
Fix `needless_lifetimes` clippy warning as suggested by rust 1.85.1.

```console
error: the following explicit lifetimes could be elided: 'a
   --> dbs_virtio_devices/src/vhost/vhost_user/connection.rs:137:6
    |
137 | impl<'a, AS: GuestAddressSpace, Q: QueueT, R: GuestMemoryRegion> EndpointParam<'a, AS, Q, R> {
    |      ^^                                                                        ^^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#needless_lifetimes
    = note: `-D clippy::needless-lifetimes` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::needless_lifetimes)]`
help: elide the lifetimes
    |
137 - impl<'a, AS: GuestAddressSpace, Q: QueueT, R: GuestMemoryRegion> EndpointParam<'a, AS, Q, R> {
137 + impl<AS: GuestAddressSpace, Q: QueueT, R: GuestMemoryRegion> EndpointParam<'_, AS, Q, R> {
    |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
c04f1048d5 dragonball: Fix clippy unnecessary_lazy_evaluations 
Fix `unnecessary_lazy_evaluations` clippy warning as suggested by rust
1.85.1.

```console
error: unnecessary closure used to substitute value for `Option::None`
   --> dbs_virtio_devices/src/vhost/vhost_user/block.rs:225:28
    |
225 |           let vhost_socket = config_path
    |  ____________________________^
226 | |             .strip_prefix("spdk://")
227 | |             .ok_or_else(|| VirtIoError::InvalidInput)?
    | |_____________________________________________________^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_lazy_evaluations
    = note: `-D clippy::unnecessary-lazy-evaluations` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::unnecessary_lazy_evaluations)]`
help: use `ok_or` instead
    |
227 |             .ok_or(VirtIoError::InvalidInput)?
    |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>

unnecessary_lazy_evaluations

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
16b45462a1 dragonball: Fix clippy manual_inspect 
Manually fix `manual_inspect` clippy warning reported by rust 1.85.1.

```console
error: using `map_err` over `inspect_err`
   --> dbs_virtio_devices/src/net.rs:753:52
    |
753 |         self.device_info.read_config(offset, data).map_err(|e| {
    |                                                    ^^^^^^^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_inspect
    = note: `-D clippy::manual-inspect` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::manual_inspect)]`
help: try
    |
753 ~         self.device_info.read_config(offset, data).inspect_err(|e| {
754 ~             self.metrics.cfg_fails.inc();
    |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
5e80293bfc dragonball: Fix clippy empty_line_after_doc_comments 
Fix `empty_line_after_doc_comments` clippy warning as suggested by rust
1.85.1.

```console
error: empty line after doc comment
  --> dbs_boot/src/x86_64/layout.rs:11:1
   |
11 | / /// Magic addresses externally used to lay out x86_64 VMs.
12 | |
   | |_^
13 |   /// Global Descriptor Table Offset
14 |   pub const BOOT_GDT_OFFSET: u64 = 0x500;
   |   ------------------------------ the comment documents this constant
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#empty_line_after_doc_comments
   = note: `-D clippy::empty-line-after-doc-comments` implied by `-D warnings`
   = help: to override `-D warnings` add `#[allow(clippy::empty_line_after_doc_comments)]`
   = help: if the empty line is unintentional remove it
help: if the documentation should include the empty line include it in the comment
   |
12 | ///
   |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
bb13b6696e dragonball: Fix clippy manual_div_ceil 
Fix `manual_div_ceil` clippy warning as suggested by rust 1.85.1.

```console
error: manually reimplementing `div_ceil`
   --> dbs_interrupt/src/kvm/mod.rs:202:24
    |
202 |         let elem_cnt = (total_sz + elem_sz - 1) / elem_sz;
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: consider using `.div_ceil()`: `total_sz.div_ceil(elem_sz)`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_div_ceil
    = note: `-D clippy::manual-div-ceil` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::manual_div_ceil)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
e58bd52dd8 dragonball: Fix clippy precedence 
Fix `precedence` clippy warning as suggested by rust 1.85.1.

```console
error: operator precedence can trip the unwary
   --> dbs_interrupt/src/kvm/mod.rs:169:6
    |
169 |     (u64::from(type1) << 48 | u64::from(entry.type_) << 32) | u64::from(entry.gsi)
    |      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: consider parenthesizing your expression: `(u64::from(type1) << 48) | (u64::from(entry.type_) << 32)`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#precedence
    = note: `-D clippy::precedence` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::precedence)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
44142b13d3 genpolicy: Fix clippy unstable_name_collisions 
Manually fix `unstable_name_collisions` clippy warning reported by rust
1.85.1.

```console
error: a method with this name may be added to the standard library in the future
   --> src/registry.rs:646:10
    |
646 |     file.unlock()?;
    |          ^^^^^^
    |
    = warning: once this associated item is added to the standard library, the ambiguity may cause an error or change in behavior!
    = note: for more information, see issue #48919 <https://github.com/rust-lang/rust/issues/48919>
    = help: call with fully qualified syntax `fs2::FileExt::unlock(...)` to keep using the current method
    = note: `-D unstable-name-collisions` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(unstable_name_collisions)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
366d293141 genpolicy: Fix clippy manual_unwrap_or_default 
Manually fix `manual_unwrap_or_default` clippy warning reported by rust
1.85.1.

```console
error: if let can be simplified with `.unwrap_or_default()`
   --> src/registry.rs:619:37
    |
619 |       let mut data: Vec<ImageLayer> = if let Ok(vec) = serde_json::from_reader(read_file) {
    |  _____________________________________^
620 | |         vec
621 | |     } else {
...   |
624 | |     };
    | |_____^ help: replace it with: `serde_json::from_reader(read_file).unwrap_or_default()`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
    = note: `-D clippy::manual-unwrap-or-default` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::manual_unwrap_or_default)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
a71a77bfa3 genpolicy: Fix clippy manual_div_ceil 
Manually fix `manual_div_ceil` clippy warning reported by rust 1.85.1.

```console
error: manually reimplementing `div_ceil`
  --> src/verity.rs:73:25
   |
73 |             let count = (data_size + entry_size - 1) / entry_size;
   |                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: consider using `.div_ceil()`: `data_size.div_ceil(entry_size)`
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_div_ceil
   = note: `-D clippy::manual-div-ceil` implied by `-D warnings`
   = help: to override `-D warnings` add `#[allow(clippy::manual_div_ceil)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
5d491bd4f4 genpolicy: Bump ttrpc-codegen related dependencies 
Bump `ttrpc-codegen` related dependencies in response to `ttrpc-codegen`
bump in `libs/protocol`.

Relates: #11376

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
965f1d799c kata-ctl: Fix clippy empty_line_after_outer_attr 
Manually fix `empty_line_after_outer_attr` clippy warning reported by
rust 1.85.1.

```console
error: empty line after outer attribute
   --> src/check.rs:515:9
    |
515 | /         #[allow(dead_code)]
516 | |
    | |_^
517 |           struct TestData<'a> {
    |           ------------------- the attribute applies to this struct
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#empty_line_after_outer_attr
    = note: `-D clippy::empty-line-after-outer-attr` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::empty_line_after_outer_attr)]`
    = help: if the empty line is unintentional remove it
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
3d64b11454 kata-ctl: Fix clippy question_mark 
Manually fix `question_mark` clippy warning reported by rust 1.85.1.

```console
error: this `match` expression can be replaced with `?`
  --> src/ops/check_ops.rs:49:13
   |
49 |       let f = match get_builtin_check_func(check) {
   |  _____________^
50 | |         Ok(fp) => fp,
51 | |         Err(e) => return Err(e),
52 | |     };
   | |_____^ help: try instead: `get_builtin_check_func(check)?`
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#question_mark
   = note: `-D clippy::question-mark` implied by `-D warnings`
   = help: to override `-D warnings` add `#[allow(clippy::question_mark)]`
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
702ba4033e kata-ctl: Bump ttrpc-codegen related dependencies 
Bump `ttrpc-codegen` related dependencies in response to `ttrpc-codegen`
bump in `libs/protocol`.

Relates: #11376

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
f70c17660a runtime-rs: Fix clippy unnecessary_map_or 
Fix `unnecessary_map_or` clippy warning as suggested by rust 1.85.1.

error: this `map_or` can be simplified
    --> crates/hypervisor/src/ch/inner_hypervisor.rs:1054:24
     |
1054 |           let have_tdx = fs::read(TDX_KVM_PARAMETER_PATH)
     |  ________________________^
1055 | |             .map_or(false, |content| !content.is_empty() && content[0] == b'Y');
     | |_______________________________________________________________________________^ help: use is_ok_and instead: `fs::read(TDX_KVM_PARAMETER_PATH).is_ok_and(|content| !content.is_empty() && content[0] == b'Y')`
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_map_or
     = note: `-D clippy::unnecessary-map-or` implied by `-D warnings`
     = help: to override `-D warnings` add `#[allow(clippy::unnecessary_map_or)]`

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
d7dfab92be runtime-rs: Fix clippy manual_inspect 
Manually fix `manual_inspect` clippy warning reported by rust 1.85.1.

```console
error: using `map` over `inspect`
  --> crates/resource/src/cdi_devices/container_device.rs:50:10
   |
50 |         .map(|device| {
   |          ^^^
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_inspect
   = note: `-D clippy::manual-inspect` implied by `-D warnings`
   = help: to override `-D warnings` add `#[allow(clippy::manual_inspect)]`
help: try
   |
50 ~         .inspect(|device| {
51 |             // push every device's Device to agent_devices
52 ~             devices_agent.push(device.device.clone());
   |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
4c467f57de runtime-rs: Fix clippy needless_return 
Fix `needless_return` clippy warning as suggested by rust 1.85.1.

```console
error: unneeded `return` statement
   --> crates/resource/src/rootfs/nydus_rootfs.rs:199:5
    |
199 |     return Some(prefetch_list_path.display().to_string());
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#needless_return
    = note: `-D clippy::needless-return` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::needless_return)]`
help: remove `return`
    |
199 -     return Some(prefetch_list_path.display().to_string());
199 +     Some(prefetch_list_path.display().to_string())
    |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
23365fc7e2 runtime-rs: Bump ttrpc-codegen related dependencies 
Bump `ttrpc-codegen` related dependencies in response to `ttrpc-codegen`
bump in `libs/protocol`.

Relates: #11376

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Ruoqing He
bd4d9cf67c agent: Fix clippy empty_line_after_doc_comments 
Manually fix `empty_line_after_doc_comments` clippy warning reported by
rust 1.85.1.

```console
error: empty line after doc comment
  --> src/linux_abi.rs:8:1
   |
8  | / /// Linux ABI related constants.
9  | |
   | |_^
10 |   #[cfg(target_arch = "aarch64")]
11 |   use std::fs;
   |       ------- the comment documents this import
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#empty_line_after_doc_comments
   = note: `-D clippy::empty-line-after-doc-comments` implied by `-D warnings`
   = help: to override `-D warnings` add `#[allow(clippy::empty_line_after_doc_comments)]`
   = help: if the empty line is unintentional remove it
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 13:50:10 +00:00
Paul Meyer
d488c998c7 genpolicy/rules: fix syntax issue 
Policy wan't parsable with OPA due to surplus whitespace.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
 2025-06-11 14:48:36 +02:00
Steve Horsman
c8fcda0d73
Merge pull request #11407 from Champ-Goblem/fix/nvidia-rootfs-only-copy-opa-when-agent-policy-enabled 
nvidia-rootfs: only copy `kata-opa` if `AGENT_POLICY` is enabled
 2025-06-11 13:39:07 +01:00
stevenhorsman
39f51b4c6d runk: Switch users crate 
The users@0.11.0 has a high severity CVE-2025-5791
and doesn't seem to be maintained, so switch to
uzers which forked it.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
 2025-06-11 12:03:28 +01:00
Champ-Goblem
d6c45027f5 nvidia-rootfs: only copy kata-opa if AGENT_POLICY is enabled 
In the nvidia rootfs build, only copy in `kata-opa` if `AGENT_POLICY` is enabled. This fixes
builds when `AGENT_POLICY` is disabled and opa is not built.

Signed-off-by: Champ-Goblem <cameron@northflank.com>
 2025-06-11 11:25:10 +02:00
Ruoqing He
2ccb306c0b agent: Fix clippy precedence 
Fix `precedence` clippy warning as suggested by rust 1.85.1.

```console
warning: operator precedence can trip the unwary
  --> src/pci.rs:54:19
   |
54 |         Ok(SlotFn(ss8 << FUNCTION_BITS | f8))
   |                   ^^^^^^^^^^^^^^^^^^^^^^^^^ help: consider parenthesizing your expression: `(ss8 << FUNCTION_BITS) | f8`
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#precedence
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 07:18:09 +00:00
Ruoqing He
048178bc5e agent: Fix clippy unnecessary_get_then_check 
Manually fix `unnecessary_get_then_check` clippy warning as suggested by
rust 1.85.1.

```console
warning: unnecessary use of `get(&shared_mount.src_ctr).is_none()`
   --> src/sandbox.rs:431:25
    |
431 |             if src_ctrs.get(&shared_mount.src_ctr).is_none() {
    |                ---------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |                |
    |                help: replace it with: `!src_ctrs.contains_key(&shared_mount.src_ctr)`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_get_then_check
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 07:18:09 +00:00
Ruoqing He
54ec432178 agent: Fix clippy partialeq_to_none 
Fix `partialeq_to_none` clippy warning as suggested by rust 1.85.1.

```console
warning: binary comparison to literal `Option::None`
   --> src/sandbox.rs:431:16
    |
431 |             if src_ctrs.get(&shared_mount.src_ctr) == None {
    |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: use `Option::is_none()` instead: `src_ctrs.get(&shared_mount.src_ctr).is_none()`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#partialeq_to_none
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 07:18:09 +00:00
Ruoqing He
95dca31ecc agent: Fix clippy question_mark 
Fix `question_mark` clippy warning as suggested by rust 1.85.1.

```console
warning: this `match` expression can be replaced with `?`
    --> rustjail/src/cgroups/fs/mod.rs:1327:20
     |
1327 |       let dev_type = match DeviceType::from_char(d.typ().as_str().chars().next()) {
     |  ____________________^
1328 | |         Some(t) => t,
1329 | |         None => return None,
1330 | |     };
     | |_____^ help: try instead: `DeviceType::from_char(d.typ().as_str().chars().next())?`
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#question_mark
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 07:18:09 +00:00
Ruoqing He
5a95a65604 agent: Fix clippy unnecessary_map_or 
Fix `unnecessary_map_or` clippy warning as suggested by rust 1.85.1.

```console

warning: this `map_or` can be simplified
    --> rustjail/src/container.rs:1424:20
     |
1424 |                   if namespace
     |  ____________________^
1425 | |                     .path()
1426 | |                     .as_ref()
1427 | |                     .map_or(true, |p| p.as_os_str().is_empty())
     | |_______________________________________________________________^
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_map_or
help: use is_none_or instead
     |
1424 ~                 if namespace
1425 +                     .path()
1426 +                     .as_ref().is_none_or(|p| p.as_os_str().is_empty())
     |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 07:18:09 +00:00
Ruoqing He
f9c76edd23 agent: Fix clippy manual_inspect 
Manually fix `manual_inspect` clippy warning reported by rust 1.85.1.

```console
warning: using `map_err` over `inspect_err`
   --> rustjail/src/mount.rs:881:6
    |
881 |     .map_err(|e| {
    |      ^^^^^^^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_inspect
help: try
    |
881 ~     .inspect_err(|&e| {
882 ~         log_child!(cfd_log, "mount error: {:?}", e);
    |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 07:18:09 +00:00
Ruoqing He
7ff34f00c2 agent: Fix clippy single_match 
Fix `single_match` clippy warning as suggested by rust 1.85.1.

```console
warning: you seem to be trying to use `match` for destructuring a single pattern. Consider using `if let`
   --> src/image.rs:241:9
    |
241 | /         match oci.annotations() {
242 | |             Some(a) => {
243 | |                 if ImageService::is_sandbox(a) {
244 | |                     return ImageService::get_pause_image_process();
...   |
247 | |             None => {}
248 | |         }
    | |_________^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_match
help: try
    |
241 ~         if let Some(a) = oci.annotations() {
242 +             if ImageService::is_sandbox(a) {
243 +                 return ImageService::get_pause_image_process();
244 +             }
245 +         }
    |
```

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
 2025-06-11 07:18:09 +00:00
Alex Lyn
e99070afb4
Merge pull request #11343 from Apokleos/cc-blk-sharefs 
Enables block device and disable virtio-fs
 2025-06-11 11:52:52 +08:00