Upgrade the container before building qemu and nemu in order to install
the latest fixes for the CVEs.
fixes #676
Signed-off-by: Julio Montes <julio.montes@intel.com>
Do not use cache to build the docker images that build static qemu and nemu.
The latest version of the packages must be installed, since they may include
the fixes for their CVEs.
Signed-off-by: Julio Montes <julio.montes@intel.com>
In theory the latest Ubuntu long term may have fewer CVEs than previous versions,
so let's use it to build the static QEMU.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Memory preallocation is just a property that hugepage, file backed
memory and memory-backend-ram can each choose to configure.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When the guest panics or stops with an unexpected internal
error, the qemu process might still be running but we can
detect such a situation with qmp. Then the monitor can still
report such failures to watchers.
Fixes: #1963
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
164bd8c test/fmt: drop extra newlines
73555a4 qmp: add query-status API
234e0ed qemu: fix memory prealloc handling
30bfcaa qemu: add debug logfile
dep now checks for dependencies recursively.
runtime-spec and gogo protobuf are also updated as being required by kata agent.
Solving failure: No versions of github.com/kata-containers/agent met constraints:
94e2a254a94a77c02280f4f84d7f82269be163ce: Could not introduce github.com/kata-containers/agent@94e2a254a94a77c02280f4f84d7f82269be163ce, as it has a dependency on github.com/opencontainers/runtime-spec with constraint a1b50f621a48ad13f8f696a162f684a241307db0, which has no overlap with existing constraint 5806c35637336642129d03657419829569abc5aa from (root)
Solving failure: No versions of github.com/kata-containers/agent met constraints:
94e2a254a94a77c02280f4f84d7f82269be163ce: Could not introduce github.com/kata-containers/agent@94e2a254a94a77c02280f4f84d7f82269be163ce, as it has a dependency on github.com/gogo/protobuf with constraint 4cbf7e384e768b4e01799441fdf2a706a5635ae7, which has no overlap with existing constraint 342cbe0a04158f6dcb03ca0079991a51a4248c02 from (root)
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Use the rootfs image by default since performance is better,
smaller memory footprint and boot time.
fixes #667
Signed-off-by: Julio Montes <julio.montes@intel.com>
We don't really need to unplug it from guest because we have
already stopped it. Just detach it and clean it up.
Fixes: #1968
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This reverts commit 794e08e243.
It breaks vfio device passthru as we need to bind the device
back to host when removing the endpoint. And that is not possible
when qemu is still running (thus holding reference to the device).
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Upgrade openSUSE Leap version from 42.3 to the latest 15.1, since 42.3
version is now discontinued.
Fixes: #637
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
If the guest is malfunctioning, we need a way to bail out. Add
a default timeout for most of the grpc requests so that the
runtime does not wait indefinitely.
Fixes: #1952
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We might need to call hypervisor hotunplug to really remove
a network device. We cannot do it after stopping the VM.
Fixes: #1956
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Since the image rootfs is readonly, we
create an empty /etc/resolv.conf which
the agent would later bind-remount as
read-write.
Fixes: #345
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
Drop the bits for bridged networking in ACRN and change the default
to macvtap. We should eventually change this to tcfilter with additional
testing.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Support for loading kernel modules got merged. kmod package is needed for
loading kernel modules in the guest.
fixes #341
Signed-off-by: Julio Montes <julio.montes@intel.com>
Don't install chrony, iptables-bin and util-linux-bin when AGENT_INIT=yes,
these packages are only needed when the init process is systemd.
Signed-off-by: Julio Montes <julio.montes@intel.com>