This patch fixed the security issue if the container images has
unsafe symlink to the container rootfs and hackers can be exploit
this symlink to hack the guest system. e.g. make directory or files
on guest.
CVE-2015-3629
Fixes: #1219
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
The first incompatible issue is caused by a typo, "swapiness" should
be "swappiness". The second incompatible issue is caused by a serde
format. The struct LinuxBlockIODevice is introduced for convenience,
but it also changes serialized data, so "#[serde(flatten)]" should
be used for compatibility with OCI spec.
Fixes: #1211
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
When receiving an OnlineCpuMemory RPC, if the number of CPUs to be
made available is 0, then updating the cpusets is a redundant operation.
Fixes: #1172
Signed-off-by: Maruth Goyal <maruthgoyal@gmail.com>
oci.proto imports "google/protobuf/wrappers.proto", but doesn't appear to
use it, which causes a warning from protoc when we compile it. Remove the
import to fix the warning.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The generate_go_sources() function in update-generate-proto.sh adds a
number of include directives to the protoc command line. Some of these
don't appear to be necessary to correctly compile the agent's protocol
files, so remove them.
Amongst other things were directives pointing at the old Kata1 runtime and
agent repositories. Those ones could be actively harmful by causing odd
dependencies of the Kata2 build on the Kata1 repositories.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
src/agent/protocols/hack/update-generated-proto.sh checks for the presence
of protoc-gen-rust and ttrpc_rust_plugin, but it doesn't actually need
them. Those tools are needed to generate Rust code from the gRPC proto
files, but that's already handled in src/agent/protocols/build.rs using
Cargo for dependency management.
This script is only needed for the Go code, for which the other tools are
sufficient.
fixes#1198
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This PR wraps fd raw descriptor with File, so it'll be properly closed once exited.
Fixes: #1192
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Improve Kata Containers memory footprint by reducing debian
image size.
Without this change:
Debian image -> 256MB
With this change:
Debian image -> 128MB
Note: this change *will not* impact ubuntu image.
fixes#1188
Signed-off-by: Julio Montes <julio.montes@intel.com>
The current description on the Cloud Hypervisor support in Kata
containers were introduced back to kata 1.10 and are out-dated.
Depends-on: github.com/kata-containers/tests#3106
Fixes: #1167
Signed-off-by: Bo Chen <chen.bo@intel.com>
On runtime/Makefile the value of DESTDIR is set to "/", unless one
pass that variable as an argument to `make`. This change will
allow its overwrite if DESTDIR is exported in the environment as
well.
Fixes#1182
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Define `before_starting_container` and `after_stopping_container`
functions, these functions run before and after the container that
builds the rootfs respectively.
Signed-off-by: Julio Montes <julio.montes@intel.com>
According to the new snap document
`docs/install/snap-installation-guide.md`, Kata Containers 2.x should
be available in the snapcraft `candidate` channel.
fixes#1174
Signed-off-by: Julio Montes <julio.montes@intel.com>
Improve snap documentation, document how to install
kata 1.x and 2.x, how to configure them and their integration
with container engines.
fixes#1138
Signed-off-by: Julio Montes <julio.montes@intel.com>
This is the Rust porting of https://github.com/kata-containers/agent/pull/371
`read_stdout`/`read_stderr` is blocking rpc calls, if exec process
exited, these calls is on blocking state for reading on process's
term master fd, and can't get a chance to break the wait.
In this PR, `read_stdout`/`read_stderr` will not read directly from
a term master of a process, instead, it will first have to get
an fd to read from newly added `epoller.poll()`. `epoller.poll()` may returns:
- the term master fd of exec process, if the process is running.
- a fd(piped fd) will return EOF when reading to indicate that th process is exited.
Fixes: #1160
Signed-off-by: bin liu <bin@hyper.sh>
fix the custom agent binary file path for creating an initrd image in
the Developer-Guide.md file.
Fixes: #919
Signed-off-by: Ychau Wang <wangyongchao.bj@inspur.com>
Sometimes shim process cannot be shutdown because of container list
is not empty. This container list is written in shim service, while
creating container. We find that if containerd cancel its Create
Container Request due to timeout, but runtime didn't handle it properly
and continue creating action, then this container cannot be deleted at
all. So we should make sure the ctx passed to Create Service rpc call
is effective.
Fixes#1088
Signed-off-by: Yves Chan <shanks.cyp@gmail.com>
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
After cpu hot-plugged is available, cpuset for containers will be written into
cgroup files recursively, the paths should include container's cgroup path, and up
to root path of cgroup filesystem.
Fixes: #1156, #1159
Signed-off-by: bin liu <bin@hyper.sh>
The result of `cpuset_controller.set_cpus(&cpu.cpus)` is unwrapped,
this will lead creating container to fail if cpuset is set.
The sandbox's `CreateContainer` sequence is:
c, err := newContainer(s, &contConfig)
err = c.create()
c.sandbox.agent.createContainer(c.sandbox, c) (1)
err = s.updateResources()
oldCPUs, newCPUs, err := s.hypervisor.resizeVCPUs(sandboxVCPUs) (2)
cpuset only avaiable after `s.hypervisor.resizeVCPUs` has been called at (2),
and then cpuset is written to cgourps file.
Fixes: #1159
Signed-off-by: bin liu <bin@hyper.sh>
We should always cleanup the vm directory when doing `stopSandbox`,
while we are skipping the cleanup process on some error code paths when
using cloud-hypervisor driver.
Fixes: #1098
Signed-off-by: Bo Chen <chen.bo@intel.com>
The VMT process is well documented, but users would need to land on
community repo to find it. Let's make it easier to identify the correct
way to disclose vulnerabilities.
Fixes: #1136
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Otherwise `make install` run from the top directory would just fail as
the target is not defined.
Fixes: #1149
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Otherwise `make install` run from the top directory would just fail as
the target is not defined.
Fixes: #1149
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Before loading a module, the check subcommand should check if the
current user can load it.
fixes#3085
Signed-off-by: Julio Montes <julio.montes@intel.com>
Don't fail if rate limit is exceeded since this is a
limitation/restriction of Github not a problem in the host.
Print a warning when the rate limit is exceeded.
For more information about Github's rate limit, see
https://developer.github.com/v3/#rate-limiting
Signed-off-by: Julio Montes <julio.montes@intel.com>
