bindmount remount events are not propagated through mount subtrees,
so we have to remount the shared dir mountpoint directly.
E.g.,
```
mkdir -p source dest foo source/foo
mount -o bind --make-shared source dest
mount -o bind foo source/foo
echo bind mount rw
mount | grep foo
echo remount ro
mount -o remount,bind,ro source/foo
mount | grep foo
```
would result in:
```
bind mount rw
/dev/xvda1 on /home/ubuntu/source/foo type ext4 (rw,relatime,discard,data=ordered)
/dev/xvda1 on /home/ubuntu/dest/foo type ext4 (rw,relatime,discard,data=ordered)
remount ro
/dev/xvda1 on /home/ubuntu/source/foo type ext4 (ro,relatime,discard,data=ordered)
/dev/xvda1 on /home/ubuntu/dest/foo type ext4 (rw,relatime,discard,data=ordered)
```
The reason is that bind mount creats new mount structs and attaches them to different mount subtrees.
However, MS_REMOUNT only looks for existing mount structs to modify and does not try to propagate the
change to mount structs in other subtrees.
Fixes: #1061
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Correct the link in the GitHub action commit message check showing users how to format all commits.
Fixes: #1053
Signed-off-by: AIsland <yuchunyu01@inspur.com>
Correct the default configuration of [hypervisor.qemu] shared_fs in configuration-qemu.toml to virtio-fs in kata 2.0.
Fixes: #1054
Signed-off-by: AIsland <yuchunyu01@inspur.com>
Cloud-hypervisor supports DAX, let's enable it to reduce its memory
footprint.
Before this patch:
**19.96M**
```
20448kB -- [/usr/share/kata-containers/kata.img]
```
With this patch:
**10.83M**
```
11100kB -- [/usr/share/kata-containers/kata.img]
```
fixes#1056
Signed-off-by: Julio Montes <julio.montes@intel.com>
This PR updates the crio version from 1.18.3 to 1.18.4 in order to include
the fix https://github.com/cri-o/cri-o/pull/4284.
Fixes#1036
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
It's should catch the failed error of spawning a new thread, otherwise,
it would cause the current thread panic.
Fixes: #1034
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Only root is able to create and manipulate cgroups, this mock
implementation of a cgroup manager can used in unit testing.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Fix the instructions explaining how to build the agent from source now that make needs to be run to auto-generate some source files.
Fixes: #889.
Signed-off-by: LiYa'nan <oliverliyn@gmail.com>
Remove the old subcommands from the documentation and replace them with
the new form (without the redundant `kata-` prefix).
Signed-off-by: Daniel Knittl-Frank <knittl89+git@googlemail.com>
Update the `kata-manager` script to call the new subcommand forms
without `kata-` prefix.
Signed-off-by: Daniel Knittl-Frank <knittl89+git@googlemail.com>
Provide the subcommands `kata-env` and `kata-check` as `env` and `check`
respectively.
Fixes#1011
Signed-off-by: Daniel Knittl-Frank <knittl89+git@googlemail.com>
fixup! cli: Add aliases to kata-env and kata-check commands
Fix the instructions explaining how to build the agent from source now that make needs to be run to auto-generate some source files.
Fixes: #889
Signed-off-by: LiYa'nan <oliverliyn@gmail.com>
Because the repos have been merged and the agent repo will be removed in the future,
we do not need mock the file structure any more.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Fix the permissions of PID 1's STDIO within the container to
the specified user.
The ownership needs to match because it is created outside of the
container and needs to be localized.
Fixes: #1022
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Calls apply-patches.sh in kernel/build-kernel.sh to apply the
kernel patches.
Fixes#1014
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
