5061 Commits

Author SHA1 Message Date
Wei Zhang
29b55ab88b persist: remove VCStore from container
Remove VCStore from container struct.

Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
2019-12-30 18:41:02 +08:00
Wei Zhang
633748aa76 persist: remove VCStore from hypervisor
Remove usage of VCStore from hypervisors.

Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
2019-12-30 18:39:39 +08:00
Wei Zhang
687f2dbe84 persist: move "newstore" out of experimental
Fixes #803

Move "newstore" features out of experimental feature list, from this
commit "newstore" will be default enabled.

Signed-off-by: Wei Zhang <weizhang555@gmail.com>
2019-12-30 18:39:39 +08:00
Fupan Li
3ea3d3201b
Merge pull request #2371 from bergwolf/ut
ut: fix make test failures
2019-12-27 08:40:18 +08:00
Peng Tao
3ed472dc8d store: UT tmp path should be random
Otherwise we might end up using the previously created store instead.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-26 00:38:59 -08:00
Peng Tao
5617120649 nsenter: skip ut on non-root
nsenter needs root privilege to run.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-26 00:38:54 -08:00
Peng Tao
e5b04a5bf2 ut: fs test should set RunStoragePath
Otherwise it fails with permission errors.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-26 00:32:37 -08:00
Peng Tao
9bf0d67fdd ut: direct factory needs to set VCStorePrefix
Otherwise it fails with permission errors.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-26 00:32:37 -08:00
Peng Tao
4c35d0911a vc: set store RunVMStoragePath for ut
Otherwise we fail ut on failures like:

=== RUN   TestCloudHypervisorCleanupVM
--- FAIL: TestCloudHypervisorCleanupVM (0.00s)
    clh_test.go:191: cloudHypervisor.cleanupVM() expected error != open /run/vc/vm: permission denied
    clh_test.go:200: Unexpected error = stat /run/vc/vm/cleanVMID: permission denied
=== RUN   TestClhCreateSandbox
--- PASS: TestClhCreateSandbox (0.00s)
=== RUN   TestClooudHypervisorStartSandbox
time="2019-12-25T00:48:47-08:00" level=error msg="trace called before context set" source=virtcontainers subsystem=cloudHypervisor type=bug
--- FAIL: TestClooudHypervisorStartSandbox (0.00s)
        Error Trace:    clh_test.go:266
        Error:          Received unexpected error:
                        mkdir /run/vc/vm: permission denied

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-26 00:32:37 -08:00
Peng Tao
3deb24e5de cli: flush coverage report in defer function
Do not flush it atexit(), where the test report file might be already
closed and it causes go test failure like:

PASS
testing: can't write /tmp/go-build146132196/b001/testlog.txt: close /tmp/go-build146132196/b001/testlog.txt: file already closed
FAIL    github.com/kata-containers/runtime/cli  4.256s

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-26 00:32:37 -08:00
Peng Tao
f56d70ccd6 vc: UT should set VCStorePrefix
Otherwise we fail to run it with non-root user with errors like:
`mkdir /var/lib/vc/uuid: permission denied`

Fixes: #2370
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-26 00:32:37 -08:00
Penny
b9120b2bb1
Merge pull request #2373 from bergwolf/image
qemu: add disable_image_nvdimm option
2019-12-26 10:17:52 +08:00
Peng Tao
7c7a4a3b11 annotations: add disable_image_nvdimm
So that users can use annotations to set it.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-25 00:39:37 -08:00
Peng Tao
652bb76dde cli: syscall return value check is wrong
ret is uintptr and always >= 0. errno is enough for error checking.
This is causing lint error:
/home/vagrant/workplace/golang/src/github.com/kata-containers/runtime/virtcontainers/utils
cli/kata-check.go:446:20: SA4003: no value of type uintptr is less than 0 (staticcheck)
                if errno != 0 || ret <= 0 {
                                 ^

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-24 23:53:29 -08:00
Peng Tao
a8717286ca qemu: add disable_image_nvdimm option
To control whether an image rootfs is used as nvdimm device or just
plain virtio-block device.

Fixes: #2372
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-24 23:16:48 -08:00
Peng Tao
dd5b446997 qemu: refactor appendImage
Do not implement in each arch code. We should have a generic
implementation instead.

-. amd64 and arm64 uses nvdimm
-. ppc64le and s390x uses virtio-blk

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-24 20:13:50 -08:00
GabyCT
4084b7d130
Merge pull request #574 from amshinde/update-priv-doc-crio
privileged: Update docs for privileged mode with crio
2019-12-23 10:15:55 -06:00
Jose Carlos Venegas Munoz
687a524a05
Merge pull request #876 from jongwu/dmesg
config: enable printk_time for arm64.
2019-12-23 09:57:13 -06:00
James O. D. Hunt
8488286937
Merge pull request #883 from Pennyzct/LTS_v5.4.3
kernel: Enable new LTS 5.4.3 on AArch64
2019-12-23 08:44:10 +00:00
Julio Montes
1296f6f1ad
Merge pull request #2368 from jcvenegas/clh-unit-test
clh: Increase unit test using mock testing
2019-12-20 12:58:18 -06:00
Jose Carlos Venegas Munoz
a2d3f9f32d virtiofsd: Add virtiofsd interface
In order to make unit testing simpler,
let's add an interface that could be mocked.

Let hypervisor have an instance of virtiofsd interface,
and this makes a loose dependency to allow mock testing.

With the interface it is possible to add startSandbox unit test:

- use utils.StartCmd to mock call to start hypervisor process.

- Add unit test for startSandbox.

Fixes: #2367

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-12-20 17:21:03 +00:00
Jose Carlos Venegas Munoz
2a085ee67b clh: virtiofsd: check path is not empty
Check if path is not empty; this helps the
unit test know why the function failed.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-12-20 17:21:03 +00:00
Jose Carlos Venegas Munoz
af5c9c2320 clh: hypervisor: Do not set 9p values for virtiofs
9p values are ignored by virtiofs, but this should
not be changed on validation, to allow having unit tests with
virtiofs config.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-12-20 17:21:03 +00:00
Jose Carlos Venegas Munoz
6a10cd960d clh: test: add unit test
Add unit test for clh.

- Check endpoint has valid values for CH.
- Add unit tests
- Add force flag to ignore cleanup errors.
- Add unit tests.
- Fail if hypervisor ID is empty.
- Add createSandbox unit test

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-12-20 17:19:52 +00:00
Jose Carlos Venegas Munoz
8a439eab9d clh: add Client Interface and bootVM test
Add interface with the same methods of client,
this will help to decouple the implementation
and help us to do mock testing.

Add Mock client and add bootVM unit test

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-12-20 17:19:19 +00:00
Julio Montes
2572cbd7eb
Merge pull request #887 from Pennyzct/build_fc_kernel
FC: ELF format kernel image unsupported with firecracker on AArch64
2019-12-20 06:57:22 -06:00
Penny Zheng
09198eed84 FC: jailer failed when importing new flag "--config-file"
When we used jailer to launch firecracker, kata container failed due
to the following causes:
1. new flag `--config-file` belongs to the jailed firecracker,
so, adhering to the `end of command options` convention, we need to
give `--config-file` a prefix `--`.
2. The path of the config file (`fcConfig.json`) should be also
relative to the jailed firecracker.
3. Since we do the configuration before func `fcInit` now, we also need
to bring `jailer check` ahead.
4. The config file should be umounted and cleaned up.

Fixes: #2362

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2019-12-19 05:47:43 +00:00
Jose Carlos Venegas Munoz
a198efcf1d
Merge pull request #2366 from GabyCT/topic/updateurl
versions: Update cloud hypervisor url
2019-12-18 14:45:19 -06:00
Gabriela Cervantes
661956f5bc versions: Update cloud hypervisor url
This updates the cloud hypervisor url.

Fixes #2365

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2019-12-18 12:46:42 -06:00
James O. D. Hunt
98059586a0
Merge pull request #890 from GabyCT/topic/fixclh
kata-static: Add sudo while building cloud hypervisor docker image
2019-12-18 10:10:28 +00:00
Penny Zheng
2ef9bbc16a FC: ELF format kernel image unsupported with firecracker on AArch64
The bootloader in firecracker on ARM platform only supports kernel
in Portable Executable(PE) format.
So we need `build-kernel.sh` to provide correct kernel image format
when parameter `hypervisor_target`, `-t`, defined with firecracker.

Fixes: #886

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2019-12-18 09:44:56 +08:00
Gabriela Cervantes
ca6df8510c kata-static: Add sudo while building cloud hypervisor docker image
If we want to run the build.sh by using a user this is failing by saying
that `failed to dial gRPC: cannot connect to the Docker daemon...
/var/run/docker.sock: connect: permission denied`. This PR fixes that issue.

Fixes #889

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2019-12-17 16:44:54 -06:00
Archana Shinde
3ea682d6e0
Merge pull request #2320 from amshinde/fix-rootless-net-none
rootless: fix rootless for case net=none
2019-12-16 14:21:38 -08:00
Archana Shinde
b96c7e5abe rootless: fix rootless for case net=none
When kata-runtime was invoked as rootless by podman with
net=none, an empty net namespace path is provided.
kata-runtime was then trying to create a new network namespace
and bind-mounting it under /var/run/netns, resulting in a permission error.

Instead, with this commit, the runtime checks if it is
running rootless and creates the network namespace bind mount
under the rootless directory.

Fixes #2319

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2019-12-16 12:26:57 -08:00
Peng Tao
3de4bdd508
Merge pull request #2285 from teawater/update_a
vendor: Update github.com/kata-containers/agent
2019-12-16 20:21:23 +08:00
Penny Zheng
59dc61df5b kernel: Enable new LTS 5.4.3 on AArch64
Linux has embraced another LTS kernel version v5.4.x.
If we, AArch64, update stable guest kernel version
to v5.4.x, we could get rid of huge chunks of backport
patches under patches/4.19.x/.
Except following configs are penny-defined turned on/off,
all the other are sort of `built-in` defined or inherited
from v4.19.x.
1. CONFIG_IO_URING = y
This option enables support for the io_uring interface.
2. CONFIG_RODATA_FULL_DEFAULT_ENABLED = n
Apply read-only attributes of VM areas to the linear
alias of the backing pages as well.
3. CONFIG_ARM64_TAGGED_ADDR_ABI = n
When this option is enabled, user applications can opt in to
a relaxed ABI allowing virtual tagged addresses to be passed to
system calls as pointer arguments.
4. CONFIG_ARM64_PTR_AUTH = n
Pointer authentication provides instructions for signing and
authenticating pointers against secret keys, which can be used to
mitigate Return Oriented Programming (ROP) and other attacks.

Fixes: #882

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2019-12-16 17:41:07 +08:00
Hui Zhu
a215f87e23 vendor: Update github.com/kata-containers/agent to handle hvsock issue
Update github.com/kata-containers/agent to handle hvsock issue.

Shortlog:
    33f3208 client.go: HybridVSockDialer: Close dup fd after receive packet
    74a3b95 release: Kata Containers 1.10.0-rc0
    afd0871 ci: install docker before configure
    c502552 client.go: HybridVSockDialer: Check return size n of unix.Recvfrom
    f8e4ce8 client.go: HybridVSockDialer: Change Read EOT to recv peek
    5b64d42 agent: get current cpuset from /sys/devices/system/cpu/online
    183a24a release: Kata Containers 1.10.0-alpha1
    1ee8516 config: add option to control hotplug timeout of block devices
    40567f6 release: Kata Containers 1.10.0-alpha0
    19bee57 agent: connect debugging console in a specific vsock port
    8361150 docs: Add enable services and installation steps for TRACING.md
    a4f7373 agent: fix pause bin on musl
    f9f129a docs: Add missing steps at TRACING.md
    d3e66bf tracing: Wrapper for tracing functions
    7a7dba7 network: ensure parent directories exist
    455f728 tracing: Generate an alias for opentracing.Span
    5f302e5 agent: Revert "client: remove the parameter of 'enableYamux'"
    717ee24 client: remove the parameter of 'enableYamux'
    d387c77 vendor: Update github.com/syndtr/gocapability/capability
    b3d737b vendor: update libcontainer to 1.0.0-rc9
    6eac713 release: Kata Containers 1.9.0-rc0

Fixes: #2284

Signed-off-by: Hui Zhu <teawater@antfin.com>
2019-12-16 14:52:12 +08:00
Xu Wang
39d7a144a9
Merge pull request #2333 from bergwolf/configpath
shimv2: support runtime config path via annotation
2019-12-16 12:37:28 +08:00
Hui Zhu
68fc9abc5e
Merge pull request #2346 from bergwolf/hostdir
shimv2: clean up properly if vmm quits unexpectedly
2019-12-16 10:34:37 +08:00
Xu Wang
af3a710921
Merge pull request #2356 from teawater/update_sys
vendor: Update golang.org/x/sys
2019-12-15 16:31:14 +08:00
Peng Tao
1c11fe20ba shimv2: support runtime config path via annotation
So that user can have per pod runtime config which is easier
to manage in some cases.

Fixes: #2332
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2019-12-14 20:13:07 -08:00
Hui Zhu
6cd9b3b0b6 vendor: Update golang.org/x/sys
Update golang.org/x/sys to ac767d655b305d4e9612f5f6e33120b9176c4ad4,
the same as the agent.

Shortlog for golang.org/x/sys:
    ac767d6 windows/svc/mgr: add ability to set a reboot message and command when a service fails
    1b2967e unix: implement RFCOMM sockets on Linux
    7b495ad unix: update Dockerfile to Go 1.11beta1
    3c6ecd8 windows: add missing file attributes
    ce36f38 unix: regenerate syscall wrappers for linux/ppc64{,le}
    151529c windows, windows/svc/mgr: add ability to modify service recovery settings.
    7138fd3 unix: do not return non-nil error for 0 errno in FcntlInt
    c4afb3e unix: fix TestUtimesNanoAt for filesystems with 1-second resolution time stamps
    a200a19 unix: don't check atime in TestUtimesNanoAt
    63fc586 unix: use private copy of ustat_t on Linux
    ad87a3a unix: check faccessat flags parameter on Linux
    fc8bd94 unix: don't use deprecated syscalls on linux/arm64
    f24d3d4 unix: add Faccessat on Solaris
    6c888cc windows: replace uintptr in crypto structs
    8014b7b windows: follow convention for generated code comment
    8883426 plan9: follow convention for generated code comment
    9e6071e unix: follow convention for generated code comment
    56ede36 unix: add rtc defines and types
    8ee9f3e unix: add Faccessat on NetBSD
    f4b713d unix: add Faccessat on OpenBSD
    a9e25c0 unix: update Dockerfile to Ubuntu 18.04, Linux 4.17, and Go 1.10.3
    bff228c windows: update TOKEN_ALL_ACCESS according to WinNT.h
    24c297a unix: support compiling with gccgo on linux/386
    7c1e4f3 unix: drop use function stub for gccgo
    9527bec cpu: fix gccgo build
    bc2ef10 cpu: add gccgo implementation
    538ab54 cpu: introduce and export type CacheLinePad
    c11f84a unix: don't check atime in TestStatx
    d4cedef unix: make Nfgenmsg a type definition
    3135538 unix: add nftables defines and types
    b269ba2 unix: fix TestXattr on android
    04b8398 unix: fix or skip failing tests on android and iOS
    e2c7578 unix: delete TestDevices for *BSD and Darwin
    56ad15c windows: add QueryServiceStatusEx function
    77b0e43 unix: add symlink-safe *xattr functions on darwin
    f3b0f5f unix: skip TestStatx if the operation is not permitted
    028bb33 unix: delete TestDevices test for Solaris
    88eb85a unix: add tests for *xattr functions
    dc67e5b windows: address error reported by vet
    0b6bef9 unix: add {get,set,remove,list}xattr on darwin
    7f59abf unix: update openbsd/amd64 to OpenBSD 6.3
    89da893 unix: exclude AUDIT_RECORD_MAGIC constant on darwin
    7c87d13 unix: add tpacket types and constants on Linux
    d0faeb5 unix: fix TestSCMCredentials to not fail when root
    9950ad1 unix: add statfs and filesystem magic constants on Linux
    7dfd129 windows: address vet reports
    64746a4 unix: address vet's finding of  wrong argument size
    7db1c3b cpu: use t.Fatal instead of t.Fatalf
    6f686a3 unix: add ErrnoName and SignalName
    78d5f26 windows/svc: correct MOVL instruction in sys_amd64.s
    4adea00 cpu: new package
    f67ecc1 unix: use Fstatat for Stat on linux/amd64
    cbbc999 unix: use pselect on amd64 to satisfy Android
    bb9c189 unix: 32-bit MIPS splice system call returns int, not int64
    79b0c68 unix: add Linux block device ioctl types and constants
    a2a4594 unix: avoid extra syscall on send/recvmsg on Linux
    3ccc7e5 unix: fix typos in linux/types.go.
    9b00609 unix: add tcp_md5sig on Linux
    b126b21 unix: re-export Fsid and Sigset_t Val member on Linux
    ecfd8b5 unix: implement getrtable/setrtable syscalls on OpenBSD
    2f57af4 unix: add wrapper around perf_event_open on Linux
    2281fa9 unix: don't export any padding/alignment fields on all platforms
    f6f3529 unix: add a step to mkall.go that generates ABI headers to be referenced from types.go
    3b87a42 unix: update Dockerfile to Linux 4.16 and Go 1.10.1
    1d206c9 unix: add FcntlInt
    fcb792c unix: unify Getsockopt*
    f67933e unix: solicit EPERM via wrong PID in creds test.
    378d26f unix: add CRTSCTS on netbsd and openbsd
    2de2067 unix: add sendfile support on Solaris
    13d03a9 unix: add GetsockoptLinger and GetsockoptTimeval
    91ee8cd unix: use strings.IndexByte instead of for loops
    1e3c777 unix: don't export padding fields on Darwin
    c488ab1 unix: add Fadvise on linux/{arm64,mipsx.mips64x,ppx64x,sparc64}
    ee8db00 unix: add Fadvise on NetBSD
    bb729a5 unix: fix TestFchmodat on Illumos
    6416052 unix: enable TestFchmodat for all Unices
    dd203b8 unix: add Fchmodat on NetBSD
    7ceb54c unix: add Fchmodat on DragonflyBSD
    f8f1a95 unix: add Fchmodat on OpenBSD
    d8e400b unix: fix example
    01acb38 plan9, unix, windows: add paragraph breaks in docs
    0deb464 unix: add Exec call
    2f1e207 unix: add IFLA attributes on linux/sparc64
    cc7307a unix: add Fstatat on Darwin
    5c2edb5 unix: add Fstatat on OpenBSD
    89ac7f2 CONTRIBUTING.md: remove note about not accepting Pull Requests
    932fb22 unix: add Fstatat on NetBSD
    2477406 unix: add Fstatat on FreeBSD
    bcaab34 unix: don't export padding fields on DragonflyBSD
    0edb963 unix: add Fstatat on DragonflyBSD
    6035cb0 unix: don't export padding fields on Solaris
    591c159 unix: add Fstatat on Solaris
    8c0ece6 unix: extend rlimit test on Linux
    c28acc8 unix: fix seek while compiling with gccgo under arm and 386
    7dca6fe plan9: use bytes.IndexByte instead of a for loop
    e64a828 unix: use bytes.IndexByte instead of a for loop
    349b81f unix: skip SchedAffinity test on single CPU system
    dd2ff4a unix: fix nil pointer dereference in Select on linux/{arm64,mips64x}
    f6cff07 windows/registry: improve ReadSubKeyNames permissions

Fixes: #2284

Signed-off-by: Hui Zhu <teawater@antfin.com>
2019-12-15 10:53:48 +08:00
GabyCT
d1cd6c3e2e
Merge pull request #880 from GabyCT/topic/removefedora28
obs: Remove fedora 28 obs packages
2019-12-13 15:59:41 -06:00
Julio Montes
39261ae3e6
Merge pull request #873 from devimc/topic/snap/fixSnap
snap: fix how latest stable version is obtained
2019-12-13 15:40:06 -06:00
GabyCT
449a3a9a14
Merge pull request #2344 from jcvenegas/test-api-fixes-clh
clh: update to latest master
2019-12-13 15:22:06 -06:00
Gabriela Cervantes
34d2c8136c obs: Remove fedora 28 obs packages
Fedora 28 has come to end of life status, which makes it not possible to
retrieve the repositories while performing an update. This PR removes
this distro with this version so we no longer create and test obs packages
for fedora 28.

Fixes #879

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2019-12-13 11:59:50 -06:00
Julio Montes
ce2acccd4f qemu/patches: add patches for qemu 4.2.0
Some patches are still needed in qemu 4.2.0

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-12-13 17:46:29 +00:00
Julio Montes
7c13dc3842 static-build: update blacklist for qemu 4.2.0
spapr-rtas.bin is no longer part of qemu 4.2.0, so it should be removed from
blacklist.

fixes #877

Signed-off-by: Julio Montes <julio.montes@intel.com>
2019-12-13 17:12:30 +00:00
Jose Carlos Venegas Munoz
9c3151e5ed clh: remove not required values
- ip and mask are not needed anymore.
- fs queues are set by cloud-hypervisor.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-12-13 17:02:18 +00:00
Jose Carlos Venegas Munoz
e9a852dd79 clh: update api calls for latest master
cpu api changed, update to latest API

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2019-12-13 16:44:50 +00:00