Steve Horsman
d219fc20e1
Merge pull request #11555 from stevenhorsman/rust-advisory-fixes-pre-3.19.0
...
Rust advisory fixes pre 3.19.0
2025-07-15 09:11:33 +01:00
teawater
028f25ac84
mem-agent: Update to kata-20250627
...
Update to https://github.com/teawater/mem-agent/tree/kata-20250627 .
The commit list:
3854b3a Update nix version from 0.23.2 to 0.30.1
d9a4ced Update tokio version from 1.33 to 1.45.1
9115c4d run_eviction_single_config: Simplify check evicted pages after
eviction
68b48d2 get_swappiness: Use a rounding method to obtain the swappiness
value
14c4508 run_eviction_single_config: Add max_seq and min_seq check with
each info
8a3a642 run_eviction_single_config: Move infov update to main loop
b6d30cf memcg.rs: run_aging_single_config: Fix error of last_inc_time
check
54fce7e memcg.rs: Update anon eviction code
41c31bf cgroup.rs: Fix build issue with musl
0d6aa77 Remove lazy_static from dependencies
a66711d memcg.rs: update_and_add: Fix memcg not work after set memcg
issue
cb932b1 Add logs and change some level of some logs
93c7ad8 Add per-cgroup and per-numa config support
092a75b Remove all Cargo.lock to support different versions of rust
540bf04 Update mem-agent-srv, mem-agent-ctl and mem-agent-lib to
v0.2.0
81f39b2 compact.rs: Change default value of compact_sec_max to 300
c455d47 compact.rs: Fix psi_path error with cgroup v2 issue
6016e86 misc.rs: Fix log error
ded90e9 Set mem-agent-srv and mem-agent-ctl as bin
Fixes: #11478
Signed-off-by: teawater <zhuhui@kylinos.cn>
2025-07-15 08:57:41 +08:00
stevenhorsman
18597588c0
agent: Bump cdi version
...
Bump cdi version to pick up the fixes to:
- RUSTSEC-2025-0024
- RUSTSEC-2025-0023
- RUSTSEC-2024-0370
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-14 16:54:30 +01:00
stevenhorsman
661d88b11f
versions: Bump oci-spec
...
Try bumping oci-spec to 0.8.1 as it included fixes for vulnerabilities
including RUSTSEC-2024-0370
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-14 16:54:30 +01:00
teawater
0347698c59
kata-agent: mount.rs: Fix warning of test
...
Got the following warning with make test of kata-agent:
```console
Compiling rustjail v0.1.0 (/data/teawater/kata-containers/src/agent/rustjail)
Compiling kata-agent v0.1.0 (/data/teawater/kata-containers/src/agent)
warning: unused import: `std::os::unix::fs`
--> rustjail/src/mount.rs:1147:9
|
1147 | use std::os::unix::fs;
| ^^^^^^^^^^^^^^^^^
|
= note: `#[warn(unused_imports)]` on by default
```
This commit fixes it.
Fixes: #11508
Signed-off-by: teawater <zhuhui@kylinos.cn>
2025-07-03 10:01:19 +08:00
Fabiano Fidêncio
69c706b570
Merge pull request #11441 from stevenhorsman/protobuf-3.7.2-bump
...
versions: Bump protobuf to 3.7.2
2025-06-25 13:47:28 +02:00
alex.lyn
871465f5d3
kata-agent: Allow unrecognized fields in InitData
...
For flexibility and extensibility, this change modifies the Kata
Agent's handling of `InitData` to allow for unrecognized key-value pairs.
The `InitData` field now directly utilizes `HashMap<String, String>`,
enabling it to carry arbitrary metadata and information that may be
consumed by other components.
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-06-24 10:25:57 +08:00
stevenhorsman
e11fc3334e
agent: Clap v4 updates
...
AppSettings was removed, so refactor
based on new documentation
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-06-21 17:15:12 +01:00
dependabot[bot]
0aa80313eb
build(deps): bump the clap group across 6 directories with 1 update
...
Bumps the clap group with 1 update in the /src/agent directory: [clap](https://github.com/clap-rs/clap).
Bumps the clap group with 1 update in the /src/tools/agent-ctl directory: [clap](https://github.com/clap-rs/clap).
Bumps the clap group with 1 update in the /src/tools/genpolicy directory: [clap](https://github.com/clap-rs/clap).
Bumps the clap group with 1 update in the /src/tools/kata-ctl directory: [clap](https://github.com/clap-rs/clap).
Bumps the clap group with 1 update in the /src/tools/runk directory: [clap](https://github.com/clap-rs/clap).
Bumps the clap group with 1 update in the /src/tools/trace-forwarder directory: [clap](https://github.com/clap-rs/clap).
Updates `clap` from 3.2.25 to 4.5.37
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37)
Updates `clap` from 2.34.0 to 4.5.40
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37)
Updates `clap` from 4.1.8 to 4.5.40
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37)
Updates `clap` from 4.4.10 to 4.5.13
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37)
Updates `clap` from 3.2.25 to 4.5.40
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37)
---
updated-dependencies:
- dependency-name: clap
dependency-version: 4.5.37
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: clap
- dependency-name: clap
dependency-version: 4.5.40
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: clap
- dependency-name: clap
dependency-version: 4.5.40
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: clap
- dependency-name: clap
dependency-version: 4.5.13
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: clap
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-06-21 17:15:12 +01:00
stevenhorsman
0f1c326ca0
versions: Bump protobuf to 3.7.2
...
Now we are decoupled from the image-rs crate,
we can bump the protobuf version across our project
to resolve the GHSA-2gh3-rmm4-6rq5 advisory
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-06-20 20:52:04 +01:00
Xynnn007
aae64fa3d6
agent: add agent.image_pull_timeout parameter
...
This new parameter for kata-agent is used to control the timeout for a
guest pull request. Note that sometimes an image can be really big, so
we set the default timeout to 1200 seconds (20 minutes).
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 13:54:15 +08:00
Xynnn007
105cb47991
agent: always try to override oci process spec
...
In the previous version, only when the `guest-pull` feature was enabled
at build time would we try to override the OCI process when the storage
has a guest pull volume and it is also a sandbox. After getting rid of
the feature, whether it is guest-pull is determined at runtime, thus we
can always try this override, by checking if there is a kata guest pull
volume in storages and it's a sandbox.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:13:20 +08:00
Xynnn007
6b1249186f
agent: embed ocicrypt config in rootfs by default
...
Now the ocicrypt configuration used by CDH is always the same and it's
not a good practice to write it into the rootfs during runtime by
kata-agent. Thus we now move it to coco-guest-components build script.
The config will be embedded into guest image/initrd together with CDH
binary.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:13:20 +08:00
Xynnn007
22e65024ce
agent: get rid of pull-type option
...
The features `guest-pull` and `default-pull` are both removed, because
both guest pull and host pull are supported at build time without
involving new dependencies like image-rs before. The guest pull
will depend on the CDH process, not the build time feature.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:13:20 +08:00
Xynnn007
0e15b49369
agent: get rid of init_image_service
...
We do not need to initialize image service in kata-agent now, as it's
initialized in CDH.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:13:20 +08:00
Xynnn007
22c50cae7b
agent: let image_pull_handler call cdh to pull image
...
This is a higher-level call to pull an image inside the guest. Now it should
call confidential_data_hub's API. As the previous pull_image API does
1. check is sandbox
2. generate bundle_path
inside the original logic, and the new API does not do them to keep the
API semantics clean, thus before we call the API, we explicitly do the
two things.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:13:20 +08:00
Xynnn007
39cd430994
agent: add ocicrypt_config envs for CDH process
...
Now image pull ability is moved to CDH, thus the CDH process needs
environment variables of ocicrypt to help find the keyprovider (cdh) to
decrypt images.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:13:20 +08:00
Xynnn007
f67f5c2b69
agent: remove image pull configs
...
As image pull ability is moved to CDH, kata-agent does not need the
configurations of image pulling anymore.
Reading all these configurations from the kernel cmdline is now implemented
by CDH.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:13:20 +08:00
Xynnn007
4436fe6d99
agent: move guest pull abilities to Confidential Data Hub
...
Image pull abilities are all moved to the separate component
Confidential Data Hub (CDH) and we only left the auxiliary functions
except pull_image in confidential_data_hub/image.rs
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:10:09 +08:00
Xynnn007
5067aafd56
agent: move cdh.rs and image.rs to a separate module confidential_data_hub
...
This is a little refactoring commit that moves the mod `cdh.rs` and
`image.rs` to a directory module `confidential_data_hub`. This is
because the image pull ability will be moved into confidential data
hub, thus it is better to handle image pull things in the confidential
data hub submodule.
Also, this commit makes some changes to the original code. It gets rid
of a static variable for CDH timeout config and directly uses the global
config variable's member. Also, this changes the
`is_cdh_client_initialized` function to a sync version as it does not need
to be async.
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 11:10:09 +08:00
Saul Paredes
cdfc9fd2d9
agent: add feature flag to secure_mount method
...
This method is not used when guest-pull is not used.
Add a flag that prevents a compile error when building with rust version > 1.84.0 and not using guest-pull
Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
2025-06-13 11:25:58 -07:00
dependabot[bot]
1e6962e4a8
build(deps): bump the tracing group across 7 directories with 1 update
...
Bumps the tracing group with 1 update in the /src/dragonball directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/libs directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/agent-ctl directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/genpolicy directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/kata-ctl directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/runk directory: [tracing](https://github.com/tokio-rs/tracing).
Bumps the tracing group with 1 update in the /src/tools/trace-forwarder directory: [tracing](https://github.com/tokio-rs/tracing).
Updates `tracing` from 0.1.37 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)
Updates `tracing` from 0.1.34 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)
Updates `tracing` from 0.1.40 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)
Updates `tracing` from 0.1.29 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.41)
---
updated-dependencies:
- dependency-name: tracing
dependency-version: 0.1.41
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: tracing
- dependency-name: tracing
dependency-version: 0.1.41
dependency-type: indirect
update-type: version-update:semver-patch
dependency-group: tracing
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-06-12 15:45:35 +00:00
Ruoqing He
26c7f941aa
versions: Bump rust to 1.85.1
...
As discussed in 2025-05-22's AC call, bump rust toolchain to 1.85.1.
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 13:50:10 +00:00
Ruoqing He
bd4d9cf67c
agent: Fix clippy empty_line_after_doc_comments
...
Manually fix `empty_line_after_doc_comments` clippy warning reported by
rust 1.85.1.
```console
error: empty line after doc comment
--> src/linux_abi.rs:8:1
|
8 | / /// Linux ABI related constants.
9 | |
| |_^
10 | #[cfg(target_arch = "aarch64")]
11 | use std::fs;
| ------- the comment documents this import
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#empty_line_after_doc_comments
= note: `-D clippy::empty-line-after-doc-comments` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(clippy::empty_line_after_doc_comments)]`
= help: if the empty line is unintentional remove it
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 13:50:10 +00:00
Ruoqing He
2ccb306c0b
agent: Fix clippy precedence
...
Fix `precedence` clippy warning as suggested by rust 1.85.1.
```console
warning: operator precedence can trip the unwary
--> src/pci.rs:54:19
|
54 | Ok(SlotFn(ss8 << FUNCTION_BITS | f8))
| ^^^^^^^^^^^^^^^^^^^^^^^^^ help: consider parenthesizing your expression: `(ss8 << FUNCTION_BITS) | f8`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#precedence
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 07:18:09 +00:00
Ruoqing He
048178bc5e
agent: Fix clippy unnecessary_get_then_check
...
Manually fix `unnecessary_get_then_check` clippy warning as suggested by
rust 1.85.1.
```console
warning: unnecessary use of `get(&shared_mount.src_ctr).is_none()`
--> src/sandbox.rs:431:25
|
431 | if src_ctrs.get(&shared_mount.src_ctr).is_none() {
| ---------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| |
| help: replace it with: `!src_ctrs.contains_key(&shared_mount.src_ctr)`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_get_then_check
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 07:18:09 +00:00
Ruoqing He
54ec432178
agent: Fix clippy partialeq_to_none
...
Fix `partialeq_to_none` clippy warning as suggested by rust 1.85.1.
```console
warning: binary comparison to literal `Option::None`
--> src/sandbox.rs:431:16
|
431 | if src_ctrs.get(&shared_mount.src_ctr) == None {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: use `Option::is_none()` instead: `src_ctrs.get(&shared_mount.src_ctr).is_none()`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#partialeq_to_none
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 07:18:09 +00:00
Ruoqing He
95dca31ecc
agent: Fix clippy question_mark
...
Fix `question_mark` clippy warning as suggested by rust 1.85.1.
```console
warning: this `match` expression can be replaced with `?`
--> rustjail/src/cgroups/fs/mod.rs:1327:20
|
1327 | let dev_type = match DeviceType::from_char(d.typ().as_str().chars().next()) {
| ____________________^
1328 | | Some(t) => t,
1329 | | None => return None,
1330 | | };
| |_____^ help: try instead: `DeviceType::from_char(d.typ().as_str().chars().next())?`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#question_mark
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 07:18:09 +00:00
Ruoqing He
5a95a65604
agent: Fix clippy unnecessary_map_or
...
Fix `unnecessary_map_or` clippy warning as suggested by rust 1.85.1.
```console
warning: this `map_or` can be simplified
--> rustjail/src/container.rs:1424:20
|
1424 | if namespace
| ____________________^
1425 | | .path()
1426 | | .as_ref()
1427 | | .map_or(true, |p| p.as_os_str().is_empty())
| |_______________________________________________________________^
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_map_or
help: use is_none_or instead
|
1424 ~ if namespace
1425 + .path()
1426 + .as_ref().is_none_or(|p| p.as_os_str().is_empty())
|
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 07:18:09 +00:00
Ruoqing He
f9c76edd23
agent: Fix clippy manual_inspect
...
Manually fix `manual_inspect` clippy warning reported by rust 1.85.1.
```console
warning: using `map_err` over `inspect_err`
--> rustjail/src/mount.rs:881:6
|
881 | .map_err(|e| {
| ^^^^^^^
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_inspect
help: try
|
881 ~ .inspect_err(|&e| {
882 ~ log_child!(cfd_log, "mount error: {:?}", e);
|
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 07:18:09 +00:00
Ruoqing He
7ff34f00c2
agent: Fix clippy single_match
...
Fix `single_match` clippy warning as suggested by rust 1.85.1.
```console
warning: you seem to be trying to use `match` for destructuring a single pattern. Consider using `if let`
   --> src/image.rs:241:9
    |
241 | / match oci.annotations() {
242 | | Some(a) => {
243 | | if ImageService::is_sandbox(a) {
244 | | return ImageService::get_pause_image_process();
... |
247 | | None => {}
248 | | }
    | |_________^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#single_match
help: try
    |
241 ~ if let Some(a) = oci.annotations() {
242 + if ImageService::is_sandbox(a) {
243 + return ImageService::get_pause_image_process();
244 + }
245 + }
    |
```
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 07:18:09 +00:00
Ruoqing He
77e68b164e
agent: Upgrade ttrpc-codegen to 0.5.0
...
Propagate `ttrpc-codegen` upgrade from `libs/protocols` to `agent`.
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-04 01:16:46 +00:00
Ryan Savino
1e686dbca7
agent: Remove casting and fix Arc declaration
...
Removed unnecessary dynamic dispatch for services. Properly dereferenced
service Box values and stored in Arc.
Co-authored-by: Ruoqing He <heruoqing@iscas.ac.cn>
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
Signed-Off-By: Ryan Savino <ryan.savino@amd.com>
2025-06-04 01:16:46 +00:00
RuoqingHe
51cc960cdd
Merge pull request #11346 from fidencio/topic/bump-cgroups-rs
...
rust: Update cgroups-rs to its v0.3.5 release
2025-05-31 04:13:05 +02:00
Fabiano Fidêncio
02c46471fd
rust: Update cgroups-rs to its v0.3.5 release
...
We're switching to using a rev as it may take some time for the package
to be updated on crates.io.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-05-30 21:49:50 +02:00
Champ-Goblem
f4007e5dc1
agent: increase LimitNOFILE in the systemd service
...
Increase the NOFILE limit in the systemd service; this helps with
running databases in the Kata runtime.
Signed-off-by: Champ-Goblem <cameron@northflank.com>
2025-05-30 17:49:29 +02:00
Fabiano Fidêncio
d3f81ec337
Merge pull request #11240 from Apokleos/copydir
...
runtime-rs: Propagate k8s configs correctly when sharedfs is disabled
2025-05-27 12:41:21 +02:00
Steve Horsman
f8c5aa6df6
Merge pull request #11259 from fitzthum/bump-gc-0140
...
Update Trustee and Guest Components for CoCo v0.14.0
2025-05-20 18:05:17 +01:00
alex.lyn
6fa409df1a
kata-agent: Improve file sync handling and address symlink issues
...
When synchronizing file changes on the host, a "symlink AlreadyExists"
issue occurs, primarily due to improper handling of symbolic links
(symlinks). Additionally, there are other related problems.
This patch will try to address these problems.
(1) Handle symlink target existence (files, dirs, symlinks) during host file
sync. Use appropriate removal methods (unlink, remove_file, remove_dir_all).
(2) Enhance temporary file handling for safer operations and implement truncate
only at offset 0 for resume support.
(3) Set permissions and ownership for parent directories.
(4) Check and clean target path for regular files before rename.
Fixes #11237
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-05-20 16:55:49 +08:00
Steve Horsman
711fcd8f51
Merge pull request #11251 from stevenhorsman/rust-vulns-9th-may-2025
...
Rust vulns 9th may 2025
2025-05-14 09:58:12 +01:00
Zvonko Kaiser
5cc098ae43
Merge pull request #11242 from houstar/qing/safe-path
...
agent: use safe-path to replace secure_join
2025-05-12 10:58:19 -04:00
Qingyuan Hou
c0ceaf661a
agent: use safe-path to replace secure_join
...
This patch uses the safe-path library to safely handle filesystem paths.
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
2025-05-12 09:06:55 +00:00
Tobin Feldman-Fitzthum
d714eb2472
agent: update image-rs for CoCo v0.14.0
...
We might be able to eliminate this dependency soon, but for now let's
update image-rs.
I massaged the dependencies with:
cargo update idna_adapter@1.2.1 --precise 1.2.0
cargo update litemap@0.7.5 --precise 0.7.4
cargo update zerofrom@0.1.6 --precise 0.1.5
cargo update astral-tokio-tar@0.5.2 --precise 0.5.1
cargo update base64ct@1.7.3 --precise 1.6.0
cargo update generic-array@1.2.0 --precise 1.1.1
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
2025-05-09 13:39:52 -05:00
stevenhorsman
7807e6c29a
versions: Bump byte-unit and rust_decimal
...
Bump the crates to update them and pull in a
newer version of borsh to remediate RUSTSEC-2023-0033
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-05-09 16:09:22 +01:00
stevenhorsman
787198f8bb
versions: Update tempfile crate
...
Update the tempfile crate to resolve security issue
[WS-2023-0045](7247a8b6ee)
that came with the remove_dir_all dependency in prior versions
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-05-09 09:57:28 +01:00
Hyounggyu Choi
a286a5aee8
Merge pull request #11076 from Jakob-Naucke/ap-bind-assoc
...
Bind/associate for VFIO-AP
2025-05-09 09:32:46 +02:00
RuoqingHe
d4d737a73e
Merge pull request #10512 from ncppd/riscv64-agent
...
agent: Support RISC-V 64-bit architecture
2025-05-07 10:56:10 +08:00
RuoqingHe
4f97e5fed3
Merge pull request #11226 from kata-containers/dependabot/cargo/src/agent/tokio-1.44.2
...
build(deps): bump tokio from 1.44.0 to 1.44.2
2025-05-06 21:55:18 +08:00
Fabiano Fidêncio
78bf9d7500
Merge pull request #11232 from lifupan/mtu
...
runtime: add the mtu support for updating routes
2025-05-06 15:55:04 +02:00
stevenhorsman
6030a64f0c
build(deps): bump tokio to 1.44.2
...
Bumps [tokio](https://github.com/tokio-rs/tokio) from to 1.44.2
in all components to resolve the security vuln throughout our repo
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-05-06 11:38:52 +01:00