When kata used multiple repositories, versions file was
downloaded. This is not needed anymore as the file is part
of the same repository.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Make use of the `const` values for error messages that were previously
only used for the unit tests. This guarantees consistency.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Fail if not patches directory is found. Help to prevent
build a new qemu version with missing patches.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Only use 'version' key to build qemu..
The version could be used as any valid target:
branch, tag or commit.
Using different keys to build is confusing.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Some patches has conflicts with old experimental kernel. Move patches to its own specific version.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
This fixes the guide to work with the Kata 2.0 repos and provide more
details on how to verify with ctr and kubernetes.
Fixes: #1362
Signed-off-by: Adams, Eric <eric.adams@intel.com>
Validate the container ID as we cannot / should not rely on the
container manager / runtime to do this.
Fixes: #1520.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Validate the container ID as we cannot rely on the container manager
doing this.
Fixes: #1520.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
To make debugging and testing easier, allow the ttRPC server address to
be specified via `/proc/cmdline` as `agent.server_addr=`.
Fixes: #1516.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Modify calls in unit tests to use context since many functions were
updated to accept local context to fix trace span ordering.
Fixes#1355
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Add rootCtx to service struct in shimv2 to use as parent of spans
created in shimv2 for a more organized trace ouput.
Fixes#1355
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
A significant number of trace calls did not use a parent context that
would create proper span ordering in trace output. Add local context to
functions for use in trace calls to facilitate proper span ordering.
Additionally, change whether trace function returns context in some
functions in virtcontainers and use existing context rather than
background context in bindMount() so that span exists as a child of a
parent span.
Fixes#1355
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Some variable are initialized in the Makefile, but never used.
Removing them to clean up the Makefile.
Fixes: #1003
Signed-off-by: Julien Ropé <jrope@redhat.com>
Look at the provided cgroup path to determine whether systemd is being
used to manage the cgroups. With this, systemd cgroups are being detected
and created appropriately for the sandbox.
Fixes: #599
Signed-off-by: Eric Ernsteernst <eric@amperecomputing.com>
(forward port of https://github.com/kata-containers/runtime/pull/2817)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Since we are now detecting, no longer to keep this state.
Signed-off-by: Eric Ernsteernst <eric@amperecomputing.com>
(forward port of https://github.com/kata-containers/runtime/pull/2817)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Commit 81607e34 updated src/agent/rustjail/Cargo.toml, to remove an
unneeded dependency. That causes cargo to update src/agent/Cargo.lock
on each build. However, the change to Cargo.lock wasn't checked in
meaning anyone working on the agent code will get bogus diffs with every
build. Check in the missing file to fix this.
fixes#1505
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently the the configure-hypervisor.sh doesn't set any optimization flag when
compiling QEMU >= 5.2.0 since the configure script will implicitly set -O2 on Ubuntu. But
on other environments, for example CentOS 7, it won't be set any optimization and this
results on the compiler warn:
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
To avoid this inconsistent behavior across different build environments, let's explicitly
set the -O2 flag.
Reported-by: Eric Ernst <eric.g.ernst@gmail.com>
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This contain to fixes for the virtiofsd on snap:
* removed the "-/usr/libexec" so that virtiofsd is copied to prime
* The configuration.toml expects virtiofsd in /usr/libexec/kata-qemu so it should be passed "kata-qemu"
to configure_hypervisor.sh script and it wil configure to install the executable onto the right directory.
Fixes#1238
Depends-on: github.com/kata-containers/kata-containers#1349
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Extra groups were not being handled when exec'ing. Ensure
that these are handled.
Before this, running a pod with:
```
...snippet...
securityContext:
fsGroup: 266
runAsGroup: 51020
runAsUser: 264
```
And then exec'ing would not supply the fsGroup:
```
$ kubectl exec -it kata-bb -- sh -c id
uid=264 gid=51020
```
Fixes: #1500
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Since the crate dirs::home_dir function depends on the
libc's api: getpwuid_r, but this api function wouldn't
be static linked on glibc, thus we'd better to figure
out an alternative way to get the home dir from /etc/passwd.
For much more info about this glibc's issue, please see:
https://sourceware.org/bugzilla/show_bug.cgi?id=19341.
This commit read and parse the "/etc/passwd" directly and
fetch the corresponding uid's home dir.
Fixes: #675
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Remove unused function parameters from the following types:
- `AgentCmdFp`: Removed the config parameter and made
the context parameter the first (à la golang).
- `BuiltinCmdFp`: Removed the config and options parameters.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The recent switch to an async rust agent broke the `agent-ctl` tool.
However, we didn't notice because that isn't being built by the CI.
Fix the breakage by passing a ttRPC context to all ttRPC API calls and
also build the tool as part of the static checks CI.
Fixes: #1471.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
If specified, sandbox_bind_mounts identifies host paths to be
mounted (ro) into the sandboxes shared path. This is only valid
if filesystem sharing is utilized.
The provided path(s) will be bindmounted (ro) into the shared fs directory on
the host, and thus mapped into the guest. If defaults are utilized,
these mounts should be available in the guest at
`/var/run/kata-containers/shared/containers/sandbox-mounts`
These will not be exposed to the container workloads, and are only
added for potential guest-services to consume (example: expose certs
into the guest that are available on the host).
Fixes: #1464
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Add target to run codecov report locally.
Useful to identify what are the missing lines
to be covered by unit test.
Fixes: #1487
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
