This PR updates the libseccomp version at the versions.yaml that is
being used in the kata CI.
Fixes#4858
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
"We need a newer nightly 1.62 rust to deal with the change
rust-lang/libc@576f778 on crate libc which breaks the compilation."
This comes from the a pull-request raised on TD-shim repo,
https://github.com/confidential-containers/td-shim/pull/354, which fixes
the issues with the commit being used with Kata Containers.
Let's bump to a newer commit of TD-shim and to a newer version of the
nightly toolchain as part of our versions file.
Fixes: #4840
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
"An empty [workspace] can be used with a package to conveniently create a
workspace with the package and all of its path dependencies", according
to the https://doc.rust-lang.org/cargo/reference/workspaces.html
This is also matches with the suggestion provided by the Cargo itself,
due to the errors faced with the Cloud Hypervisor CI:
```
10:46:23 this may be fixable by adding `go/src/github.com/kata-containers/kata-containers/src/tools/agent-ctl` to the `workspace.members` array of the manifest located at: /tmp/jenkins/workspace/kata-containers-2-clh-PR/Cargo.toml
10:46:23 Alternatively, to keep it out of the workspace, add the package to the `workspace.exclude` array, or add an empty `[workspace]` table to the package's manifest.
```
Fixes: #4843
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The file was added as part of the commit that tested this changes in the
CCv0 branch, but forgotten when re-writing it to the `main` branch.
Fixes: #4841
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
If the API server is not ready, the mount call will fail, so before
mounting share fs, we should wait the nydusd is started and
the API server is ready.
Fixes: #4710
Signed-off-by: liubin <liubin0329@gmail.com>
Signed-off-by: Bin Liu <bin@hyper.sh>
Instead of passing a bunch of arguments to qmp functions for
adding block devices, use govmm BlockDevice structure to reduce these.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Get rid of redundant return values from function.
args and blockdevArgs used to return different values to maintain
compatilibity between qemu versions. These are exactly the same now.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This configuration will allow users to choose between different
I/O backends for qemu, with the default being io_uring.
This will allow users to fallback to a different I/O mechanism while
running on kernels olders than 5.1.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Remove line about annotations support in CRI-O and containerd since it
has been supported for a couple years.
Fixes#4819
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
To keep runtime-rs up to date, we will merge main into runtime-rs every
week.
Fixes:kata-containers#4822
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
Update documentation with details regarding
intel-device-plugins-for-kubernetes setup and dependencies.
Fixes#4819
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
github.com/kata-containers/tests#4986.To avoid returning an error when
running the ci, we just skip the test if the arch is s390x
Fixes: #4816
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
github.com/kata-containers/tests#4986.To avoid returning an error when running the ci, we just skip the build
process if the arch is s390x
Fixes: #4816
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
io_uring was introduced as a new kernel IO interface in kernel 5.1.
It is designed for higher performance than the older Linux AIO API.
This feature was added in qemu 5.0.
Fixes#4645
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Let's create the td-shim tarball in the directory where the script was
called from, instead of doing it in the $DESTDIR.
This aligns with the logic being used for creating / extracting the
tarball content, which is already in use by the kata-deploy local build
scripts.
Fixes: #4809
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's create the OVMF tarball in the directory where the script was
called from, instead of doing it in the $DESTDIR.
This aligns with the logic being used for creating / extracting the
tarball content, which is already in use by the kata-deploy local build
scripts.
Fixes: #4808
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The latest kernel with TDX support should be pulled from a different
repo (https://github.com/intel/linux-kernel-dcp, instead of
https://github.com/intel/tdx), and the latest version to be used is
SPR-BKC-PC-v9.6.
With the new version being used, let's make sure we enable the
INTEL_TDX_ATTESTATION config option, and all the dependencies needed to
do so.
Fixes: #4803
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's just re-order the TDX configs alphabetically. No new config has
been added or removed, thus no need to bump the kernel version.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's use the latest tag provided in the
"https://github.com/intel/qemu-dcp" repo, "SPR-BKC-QEMU-v2.5".
Fixes: #4802
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
ps command supprot two formats, `json` and `table`. `json` format just
outputs pids in the container. `table` format will use `ps` utilty in
the host, search and output all processes in the container. Add a struct
`container` to represent a spawned container. Move the `kill`
implemention from kill.rs as a method of `container`.
Fixes: #4361
Signed-off-by: Chen Yiyang <cyyzero@qq.com>
Linux 5.14 supports core scheduling to have better security control
for SMT siblings. This PR supports that.
Fixes: #4429
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com>
