Merge pull request #1839 from fidencio/2.0.4-branch-bump

# Kata Containers 2.0.4
release: Kata Containers 2.0.4
2026-03-01 02:02:11 +00:00 · 2021-05-13 12:17:27 +02:00 · 2021-05-12 23:18:45 +02:00 · 2021-05-07 08:18:32 +02:00 · 2021-05-06 11:00:47 +08:00 · 2021-05-03 21:19:10 -07:00
275 changed files with 7289 additions and 32281 deletions
--- a/.github/workflows/kata-deploy-test.yaml
+++ b/.github/workflows/kata-deploy-test.yaml
@@ -1,7 +1,12 @@
-on: issue_comment
+on:
+  issue_comment:
+    types: [created, edited]
+
 name: test-kata-deploy
+
 jobs:
  check_comments:
+    if: ${{ github.event.issue.pull_request }}
    runs-on: ubuntu-latest
    steps:
      - name: Check for Command
@@ -9,7 +14,7 @@ jobs:
        uses: kata-containers/slash-command-action@v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          command: "test-kata-deploy"
+          command: "test_kata_deploy"
          reaction: "true"
          reaction-type: "eyes"
          allow-edits: "false"
@@ -17,6 +22,7 @@ jobs:
      - name: verify command arg is kata-deploy
        run: |
           echo "The command was '${{ steps.command.outputs.command-name }}' with arguments '${{ steps.command.outputs.command-arguments }}'"
+
  create-and-test-container:
    needs: check_comments
    runs-on: ubuntu-latest
@@ -27,22 +33,26 @@ jobs:
            ref=$(cat $GITHUB_EVENT_PATH | jq -r '.issue.pull_request.url' | sed  's#^.*\/pulls#refs\/pull#' | sed 's#$#\/merge#')
            echo "reference for PR: " ${ref}
            echo "##[set-output name=pr-ref;]${ref}"
-      - uses: actions/checkout@v2-beta
+
+      - name: check out
+        uses: actions/checkout@v2
        with:
-          ref: ${{ steps.get-PR-ref.outputs.pr-ref }}
+           ref: ${{ steps.get-PR-ref.outputs.pr-ref }}
+
      - name: build-container-image
        id: build-container-image
        run: |
            PR_SHA=$(git log --format=format:%H -n1)
-            VERSION=$(curl https://raw.githubusercontent.com/kata-containers/kata-containers/2.0-dev/VERSION)
+            VERSION="2.0.0"
            ARTIFACT_URL="https://github.com/kata-containers/kata-containers/releases/download/${VERSION}/kata-static-${VERSION}-x86_64.tar.xz"
-            wget "${ARTIFACT_URL}" -O ./kata-deploy/kata-static.tar.xz
-            docker build --build-arg KATA_ARTIFACTS=kata-static.tar.xz -t katadocker/kata-deploy-ci:${PR_SHA} ./kata-deploy
+            wget "${ARTIFACT_URL}" -O tools/packaging/kata-deploy/kata-static.tar.xz
+            docker build --build-arg KATA_ARTIFACTS=kata-static.tar.xz -t katadocker/kata-deploy-ci:${PR_SHA} ./tools/packaging/kata-deploy
            docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
            docker push katadocker/kata-deploy-ci:$PR_SHA
            echo "##[set-output name=pr-sha;]${PR_SHA}"
+
      - name: test-kata-deploy-ci-in-aks
-        uses: ./kata-deploy/action
+        uses: ./tools/packaging/kata-deploy/action
        with:
          packaging-sha: ${{ steps.build-container-image.outputs.pr-sha }}
        env:
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -38,9 +38,9 @@ jobs:
        run: |
         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -66,9 +66,9 @@ jobs:
        run: |
         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -92,9 +92,9 @@ jobs:
        run: |
         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -103,59 +103,6 @@ jobs:
          name: kata-artifacts
          path: kata-static-qemu.tar.gz

-  build-nemu:
-    runs-on: ubuntu-16.04
-    needs: get-artifact-list
-    env:
-      buildstr: "install_nemu"
-    steps:
-      - uses: actions/checkout@v1
-      - name: get-artifact-list
-        uses: actions/download-artifact@master
-        with:
-          name: artifact-list
-      - name: build-nemu
-        run: |
-         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
-           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
-         else
-           echo ::set-env name=artifact-built::false
-         fi
-      - name: store-artifacts
-        if: env.artifact-built == 'true'
-        uses: actions/upload-artifact@master
-        with:
-          name: kata-artifacts
-          path: kata-static-nemu.tar.gz
-
-  # Job for building the QEMU binaries with virtiofs support
-  build-qemu-virtiofsd:
-    runs-on: ubuntu-16.04
-    needs: get-artifact-list
-    env:
-      buildstr: "install_qemu_virtiofsd"
-    steps:
-      - uses: actions/checkout@v1
-      - name: get-artifact-list
-        uses: actions/download-artifact@master
-        with:
-          name: artifact-list
-      - name: build-qemu-virtiofsd
-        run: |
-         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
-           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
-         else
-           echo ::set-env name=artifact-built::false
-         fi
-      - name: store-artifacts
-        if: env.artifact-built == 'true'
-        uses: actions/upload-artifact@master
-        with:
-          name: kata-artifacts
-          path: kata-static-qemu-virtiofsd.tar.gz
-
  # Job for building the image
  build-image:
    runs-on: ubuntu-16.04
@@ -172,9 +119,9 @@ jobs:
        run: |
         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -199,9 +146,9 @@ jobs:
        run: |
         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -226,9 +173,9 @@ jobs:
        run: |
         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -253,9 +200,9 @@ jobs:
        run: |
         if grep -q $buildstr ./artifact-list/artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -266,7 +213,7 @@ jobs:

  gather-artifacts:
    runs-on: ubuntu-16.04
-    needs: [build-experimental-kernel, build-kernel, build-qemu, build-qemu-virtiofsd, build-image, build-firecracker, build-kata-components, build-nemu, build-clh]
+    needs: [build-experimental-kernel, build-kernel, build-qemu, build-image, build-firecracker, build-kata-components, build-clh]
    steps:
      - uses: actions/checkout@v1
      - name: get-artifacts
@@ -303,9 +250,7 @@ jobs:
          docker build --build-arg KATA_ARTIFACTS=kata-static.tar.xz -t katadocker/kata-deploy-ci:$pkg_sha ./packaging/kata-deploy
          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
          docker push katadocker/kata-deploy-ci:$pkg_sha
-
-          echo "##[set-output name=PKG_SHA;]${pkg_sha}"
-          echo ::set-env name=TAG::$tag
+          echo "::set-output name=PKG_SHA::${pkg_sha}"
      - name: test-kata-deploy-ci-in-aks
        uses: ./packaging/kata-deploy/action
        with:
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -39,9 +39,9 @@ jobs:
        run: |
         if grep -q $buildstr artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -67,9 +67,9 @@ jobs:
        run: |
         if grep -q $buildstr artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -93,9 +93,9 @@ jobs:
        run: |
         if grep -q $buildstr artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -104,32 +104,6 @@ jobs:
          name: kata-artifacts
          path: kata-static-qemu.tar.gz

-  build-qemu-virtiofsd:
-    runs-on: ubuntu-16.04
-    needs: get-artifact-list
-    env:
-      buildstr: "install_qemu_virtiofsd"
-    steps:
-      - uses: actions/checkout@v2
-      - name: get-artifact-list
-        uses: actions/download-artifact@v2
-        with:
-          name: artifact-list
-      - name: build-qemu-virtiofsd
-        run: |
-         if grep -q $buildstr artifact-list.txt; then
-           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
-         else
-           echo ::set-env name=artifact-built::false
-         fi
-      - name: store-artifacts
-        if: env.artifact-built == 'true'
-        uses: actions/upload-artifact@v2
-        with:
-          name: kata-artifacts
-          path: kata-static-qemu-virtiofsd.tar.gz
-
  build-image:
    runs-on: ubuntu-16.04
    needs: get-artifact-list
@@ -145,9 +119,9 @@ jobs:
        run: |
         if grep -q $buildstr artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -171,9 +145,9 @@ jobs:
        run: |
         if grep -q $buildstr artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -198,9 +172,9 @@ jobs:
        run: |
         if grep -q $buildstr artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -224,9 +198,9 @@ jobs:
        run: |
         if grep -q $buildstr artifact-list.txt; then
           $GITHUB_WORKSPACE/.github/workflows/generate-local-artifact-tarball.sh $buildstr
-           echo ::set-env name=artifact-built::true
+           echo "artifact-built=true" >> $GITHUB_ENV
         else
-           echo ::set-env name=artifact-built::false
+           echo "artifact-built=false" >> $GITHUB_ENV
         fi
      - name: store-artifacts
        if: env.artifact-built == 'true'
@@ -237,7 +211,7 @@ jobs:

  gather-artifacts:
    runs-on: ubuntu-16.04
-    needs: [build-experimental-kernel, build-kernel, build-qemu, build-qemu-virtiofsd, build-image, build-firecracker, build-kata-components, build-clh]
+    needs: [build-experimental-kernel, build-kernel, build-qemu, build-image, build-firecracker, build-kata-components, build-clh]
    steps:
      - uses: actions/checkout@v2
      - name: get-artifacts
@@ -275,11 +249,9 @@ jobs:
          docker build --build-arg KATA_ARTIFACTS=kata-static.tar.xz -t katadocker/kata-deploy-ci:$pkg_sha $GITHUB_WORKSPACE/tools/packaging/kata-deploy
          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
          docker push katadocker/kata-deploy-ci:$pkg_sha
-
-          echo "##[set-output name=PKG_SHA;]${pkg_sha}"
-          echo ::set-env name=TAG::$tag
          mkdir -p packaging/kata-deploy
          ln -s $GITHUB_WORKSPACE/tools/packaging/kata-deploy/action packaging/kata-deploy/action
+          echo "::set-output name=PKG_SHA::${pkg_sha}"
      - name: test-kata-deploy-ci-in-aks
        uses: ./packaging/kata-deploy/action
        with:
--- a/.github/workflows/snap-release.yaml
+++ b/.github/workflows/snap-release.yaml
@@ -0,0 +1,37 @@
+name: Release Kata 2.x in snapcraft store
+on:
+  push:
+    tags:
+      - '2.*'
+jobs:
+  release-snap:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Check out Git repository
+        uses: actions/checkout@v2
+
+      - name: Install Snapcraft
+        uses: samuelmeuli/action-snapcraft@v1
+        with:
+          snapcraft_token: ${{ secrets.snapcraft_token }}
+
+      - name: Build snap
+        run: |
+          sudo apt-get install -y git git-extras
+          kata_url="https://github.com/kata-containers/kata-containers"
+          latest_version=$(git ls-remote --tags ${kata_url} | egrep -o "refs.*" | egrep -o "[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+" | sort -V -r -u | head -1)
+          current_version="$(echo ${GITHUB_REF} | cut -d/ -f3)"
+          # Check semantic versioning format (x.y.z) and if the current tag is the latest tag
+          if echo "${current_version}" | grep -q "^[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+$" && echo -e "$latest_version\n$current_version" | sort -C -V; then
+            # Current version is the latest version, build it
+            snapcraft -d snap --destructive-mode
+          fi
+
+      - name: Upload snap
+        run: |
+          snap_version="$(echo ${GITHUB_REF} | cut -d/ -f3)"
+          snap_file="kata-containers_${snap_version}_amd64.snap"
+          # Upload the snap if it exists
+          if [ -f ${snap_file} ]; then
+            snapcraft upload --release=candidate ${snap_file}
+          fi
--- a/.github/workflows/snap.yaml
+++ b/.github/workflows/snap.yaml
@@ -1,15 +1,5 @@
 name: snap CI
-on:
-  pull_request:
-    paths:
-      - "**/Makefile"
-      - "**/*.go"
-      - "**/*.mk"
-      - "**/*.rs"
-      - "**/*.sh"
-      - "**/*.toml"
-      - "**/*.yaml"
-      - "**/*.yml"
+on: ["pull_request"]
 jobs:
  test:
    runs-on: ubuntu-20.04
--- a/.github/workflows/static-checks.yaml
+++ b/.github/workflows/static-checks.yaml
@@ -0,0 +1,66 @@
+on: ["pull_request"]
+name: Static checks
+jobs:
+  test:
+    strategy:
+      matrix:
+        go-version: [1.13.x, 1.14.x, 1.15.x]
+        os: [ubuntu-20.04]
+    runs-on: ${{ matrix.os }}
+    env:
+      TRAVIS: "true"
+      TRAVIS_BRANCH: ${{ github.base_ref }}
+      TRAVIS_PULL_REQUEST_BRANCH: ${{ github.head_ref }}
+      TRAVIS_PULL_REQUEST_SHA : ${{ github.event.pull_request.head.sha }}
+      RUST_BACKTRACE: "1"
+      target_branch: ${TRAVIS_BRANCH}
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ matrix.go-version }}
+      env:
+        GOPATH: ${{ runner.workspace }}/kata-containers
+    - name: Setup GOPATH
+      run: |
+        echo "TRAVIS_BRANCH: ${TRAVIS_BRANCH}"
+        echo "TRAVIS_PULL_REQUEST_BRANCH: ${TRAVIS_PULL_REQUEST_BRANCH}"
+        echo "TRAVIS_PULL_REQUEST_SHA: ${TRAVIS_PULL_REQUEST_SHA}"
+        echo "TRAVIS: ${TRAVIS}"
+    - name: Set env
+      run: |
+        echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
+        echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Checkout code
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+        path: ./src/github.com/${{ github.repository }}
+    - name: Setup travis references
+      run: |
+        echo "TRAVIS_BRANCH=${TRAVIS_BRANCH:-$(echo $GITHUB_REF | awk 'BEGIN { FS = \"/\" } ; { print $3 }')}"
+        target_branch=${TRAVIS_BRANCH}
+    - name: Setup
+      run: |
+        cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/setup.sh
+      env:
+        GOPATH: ${{ runner.workspace }}/kata-containers
+    - name: Building rust
+      run: |
+        cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/install_rust.sh
+        PATH=$PATH:"$HOME/.cargo/bin"
+        rustup target add x86_64-unknown-linux-musl
+        rustup component add rustfmt clippy
+    # Must build before static checks as we depend on some generated code in runtime and agent
+    - name: Build
+      run: |
+        cd ${GOPATH}/src/github.com/${{ github.repository }} && make
+    - name: Static Checks
+      run: |
+        cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/static-checks.sh
+    - name: Run Compiler Checks
+      run: |
+        cd ${GOPATH}/src/github.com/${{ github.repository }} && make check
+    - name: Run Unit Tests
+      run: |
+        cd ${GOPATH}/src/github.com/${{ github.repository }} && make test
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,9 @@
 **/*.rej
 **/target
 **/.vscode
+pkg/logging/Cargo.lock
 src/agent/src/version.rs
 src/agent/kata-agent.service
+src/agent/protocols/src/*.rs
+!src/agent/protocols/src/lib.rs
+
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,62 +0,0 @@
-# Copyright (c) 2019 Ant Financial
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-dist: bionic
-os: linux
-
-# set cache directories manually, because
-# we are using a non-standard directory struct
-# cargo root is in srs/agent
-#
-# If needed, caches can be cleared
-# by ways documented in
-# https://docs.travis-ci.com/user/caching#clearing-caches
-language: rust
-rust:
-  - 1.44.1
-cache:
-  cargo: true
-  directories:
-    - src/agent/target
-
-before_install:
-  - git remote set-branches --add origin "${TRAVIS_BRANCH}"
-  - git fetch
-  - export RUST_BACKTRACE=1
-  - export target_branch=$TRAVIS_BRANCH
-  - "ci/setup.sh"
-
-# we use install to run check agent
-# so that it is easy to skip for non-amd64 platform
-install:
-  - export PATH=$PATH:"$HOME/.cargo/bin"
-  - export RUST_AGENT=yes
-  - rustup target add x86_64-unknown-linux-musl
-  - sudo ln -sf /usr/bin/g++ /bin/musl-g++
-  - rustup component add rustfmt
-  - make -C ${TRAVIS_BUILD_DIR}/src/agent
-  - make -C ${TRAVIS_BUILD_DIR}/src/agent check
-  - sudo -E PATH=$PATH make -C ${TRAVIS_BUILD_DIR}/src/agent check
-
-before_script:
-  - "ci/install_go.sh"
-  - make -C ${TRAVIS_BUILD_DIR}/src/runtime
-  - make -C ${TRAVIS_BUILD_DIR}/src/runtime test
-  - sudo -E PATH=$PATH GOPATH=$GOPATH make -C ${TRAVIS_BUILD_DIR}/src/runtime test
-
-script:
-  - "ci/static-checks.sh"
-
-jobs:
-  include:
-  - name: x86_64 test
-    os: linux
-  - name: ppc64le test
-    os: linux-ppc64le
-    install: skip
-    script: skip
-  allow_failures:
-    - name: ppc64le test
-  fast_finish: true
--- a/README.md
+++ b/README.md
@@ -11,7 +11,6 @@
            * [Runtime](#runtime)
            * [Trace forwarder](#trace-forwarder)
        * [Additional](#additional)
-            * [Hypervisor](#hypervisor)
            * [Kernel](#kernel)
    * [CI](#ci)
    * [Community](#community)
@@ -87,11 +86,6 @@ when tracing the [agent](#agent) process.

 #### Additional

-##### Hypervisor
-
-The [`qemu`](https://github.com/kata-containers/qemu) hypervisor is used to
-create virtual machines for hosting the containers.
-
 ##### Kernel

 The hypervisor uses a [Linux\* kernel](https://github.com/kata-containers/linux) to boot the guest image.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.0.0
+2.0.4
--- a/ci/lib.sh
+++ b/ci/lib.sh
@@ -5,7 +5,7 @@

 export tests_repo="${tests_repo:-github.com/kata-containers/tests}"
 export tests_repo_dir="$GOPATH/src/$tests_repo"
-export branch="${branch:-2.0-dev}"
+export branch="${branch:-$TRAVIS_BRANCH}"

 clone_tests_repo()
 {
--- a/docs/Developer-Guide.md
+++ b/docs/Developer-Guide.md
@@ -1,55 +1,54 @@
-* [Warning](#warning)
-* [Assumptions](#assumptions)
-* [Initial setup](#initial-setup)
-* [Requirements to build individual components](#requirements-to-build-individual-components)
-* [Build and install the Kata Containers runtime](#build-and-install-the-kata-containers-runtime)
-* [Check hardware requirements](#check-hardware-requirements)
-    * [Configure to use initrd or rootfs image](#configure-to-use-initrd-or-rootfs-image)
-    * [Enable full debug](#enable-full-debug)
-        * [debug logs and shimv2](#debug-logs-and-shimv2)
-            * [Enabling full `containerd` debug](#enabling-full-containerd-debug)
-            * [Enabling just `containerd shim` debug](#enabling-just-containerd-shim-debug)
-            * [Enabling `CRI-O` and `shimv2` debug](#enabling-cri-o-and-shimv2-debug)
-        * [journald rate limiting](#journald-rate-limiting)
-            * [`systemd-journald` suppressing messages](#systemd-journald-suppressing-messages)
-            * [Disabling `systemd-journald` rate limiting](#disabling-systemd-journald-rate-limiting)
-* [Create and install rootfs and initrd image](#create-and-install-rootfs-and-initrd-image)
-    * [Build a custom Kata agent - OPTIONAL](#build-a-custom-kata-agent---optional)
-    * [Get the osbuilder](#get-the-osbuilder)
-    * [Create a rootfs image](#create-a-rootfs-image)
-        * [Create a local rootfs](#create-a-local-rootfs)
-        * [Add a custom agent to the image - OPTIONAL](#add-a-custom-agent-to-the-image---optional)
-        * [Build a rootfs image](#build-a-rootfs-image)
-        * [Install the rootfs image](#install-the-rootfs-image)
-    * [Create an initrd image - OPTIONAL](#create-an-initrd-image---optional)
-        * [Create a local rootfs for initrd image](#create-a-local-rootfs-for-initrd-image)
-        * [Build an initrd image](#build-an-initrd-image)
-        * [Install the initrd image](#install-the-initrd-image)
-* [Install guest kernel images](#install-guest-kernel-images)
-* [Install a hypervisor](#install-a-hypervisor)
-    * [Build a custom QEMU](#build-a-custom-qemu)
-        * [Build a custom QEMU for aarch64/arm64 - REQUIRED](#build-a-custom-qemu-for-aarch64arm64---required)
-* [Run Kata Containers with Containerd](#run-kata-containers-with-containerd)
-* [Run Kata Containers with Kubernetes](#run-kata-containers-with-kubernetes)
-* [Troubleshoot Kata Containers](#troubleshoot-kata-containers)
-* [Appendices](#appendices)
-    * [Checking Docker default runtime](#checking-docker-default-runtime)
-    * [Set up a debug console](#set-up-a-debug-console)
-      * [Simple debug console setup](#simple-debug-console-setup)
-          * [Enable agent debug console](#enable-agent-debug-console)
-          * [Start `kata-monitor`](#start-kata-monitor)
-          * [Connect to debug console](#connect-to-debug-console)
-      * [Traditional debug console setup](#traditional-debug-console-setup)
-          * [Create a custom image containing a shell](#create-a-custom-image-containing-a-shell)
-          * [Build the debug image](#build-the-debug-image)
-          * [Configure runtime for custom debug image](#configure-runtime-for-custom-debug-image)
-          * [Connect to the virtual machine using the debug console](#connect-to-the-virtual-machine-using-the-debug-console)
-              * [Enabling debug console for QEMU](#enabling-debug-console-for-qemu)
-              * [Enabling debug console for cloud-hypervisor / firecracker](#enabling-debug-console-for-cloud-hypervisor--firecracker)
-          * [Create a container](#create-a-container)
-          * [Connect to the virtual machine using the debug console](#connect-to-the-virtual-machine-using-the-debug-console)
-    * [Obtain details of the image](#obtain-details-of-the-image)
-    * [Capturing kernel boot logs](#capturing-kernel-boot-logs)
+- [Warning](#warning)
+- [Assumptions](#assumptions)
+- [Initial setup](#initial-setup)
+- [Requirements to build individual components](#requirements-to-build-individual-components)
+- [Build and install the Kata Containers runtime](#build-and-install-the-kata-containers-runtime)
+- [Check hardware requirements](#check-hardware-requirements)
+  - [Configure to use initrd or rootfs image](#configure-to-use-initrd-or-rootfs-image)
+  - [Enable full debug](#enable-full-debug)
+    - [debug logs and shimv2](#debug-logs-and-shimv2)
+      - [Enabling full `containerd` debug](#enabling-full-containerd-debug)
+      - [Enabling just `containerd shim` debug](#enabling-just-containerd-shim-debug)
+      - [Enabling `CRI-O` and `shimv2` debug](#enabling-cri-o-and-shimv2-debug)
+    - [journald rate limiting](#journald-rate-limiting)
+      - [`systemd-journald` suppressing messages](#systemd-journald-suppressing-messages)
+      - [Disabling `systemd-journald` rate limiting](#disabling-systemd-journald-rate-limiting)
+- [Create and install rootfs and initrd image](#create-and-install-rootfs-and-initrd-image)
+  - [Build a custom Kata agent - OPTIONAL](#build-a-custom-kata-agent---optional)
+  - [Get the osbuilder](#get-the-osbuilder)
+  - [Create a rootfs image](#create-a-rootfs-image)
+    - [Create a local rootfs](#create-a-local-rootfs)
+    - [Add a custom agent to the image - OPTIONAL](#add-a-custom-agent-to-the-image---optional)
+    - [Build a rootfs image](#build-a-rootfs-image)
+    - [Install the rootfs image](#install-the-rootfs-image)
+  - [Create an initrd image - OPTIONAL](#create-an-initrd-image---optional)
+    - [Create a local rootfs for initrd image](#create-a-local-rootfs-for-initrd-image)
+    - [Build an initrd image](#build-an-initrd-image)
+    - [Install the initrd image](#install-the-initrd-image)
+- [Install guest kernel images](#install-guest-kernel-images)
+- [Install a hypervisor](#install-a-hypervisor)
+  - [Build a custom QEMU](#build-a-custom-qemu)
+    - [Build a custom QEMU for aarch64/arm64 - REQUIRED](#build-a-custom-qemu-for-aarch64arm64---required)
+- [Run Kata Containers with Containerd](#run-kata-containers-with-containerd)
+- [Run Kata Containers with Kubernetes](#run-kata-containers-with-kubernetes)
+- [Troubleshoot Kata Containers](#troubleshoot-kata-containers)
+- [Appendices](#appendices)
+  - [Checking Docker default runtime](#checking-docker-default-runtime)
+  - [Set up a debug console](#set-up-a-debug-console)
+    - [Simple debug console setup](#simple-debug-console-setup)
+      - [Enable agent debug console](#enable-agent-debug-console)
+      - [Connect to debug console](#connect-to-debug-console)
+    - [Traditional debug console setup](#traditional-debug-console-setup)
+      - [Create a custom image containing a shell](#create-a-custom-image-containing-a-shell)
+      - [Build the debug image](#build-the-debug-image)
+      - [Configure runtime for custom debug image](#configure-runtime-for-custom-debug-image)
+      - [Create a container](#create-a-container)
+      - [Connect to the virtual machine using the debug console](#connect-to-the-virtual-machine-using-the-debug-console)
+        - [Enabling debug console for QEMU](#enabling-debug-console-for-qemu)
+        - [Enabling debug console for cloud-hypervisor / firecracker](#enabling-debug-console-for-cloud-hypervisor--firecracker)
+        - [Connecting to the debug console](#connecting-to-the-debug-console)
+  - [Obtain details of the image](#obtain-details-of-the-image)
+  - [Capturing kernel boot logs](#capturing-kernel-boot-logs)

 # Warning

@@ -382,22 +381,19 @@ You can build and install the guest kernel image as shown [here](../tools/packag

 # Install a hypervisor

-When setting up Kata using a [packaged installation method](install/README.md#installing-on-a-linux-system), the `qemu-lite` hypervisor is installed automatically. For other installation methods, you will need to manually install a suitable hypervisor.
+When setting up Kata using a [packaged installation method](install/README.md#installing-on-a-linux-system), the
+`QEMU` VMM is installed automatically. Cloud-Hypervisor and Firecracker VMMs are available from the [release tarballs](https://github.com/kata-containers/kata-containers/releases), as well as through [`kata-deploy`](../tools/packaging/kata-deploy/README.md).
+You may choose to manually build your VMM/hypervisor.

 ## Build a custom QEMU

-Your QEMU directory need to be prepared with source code. Alternatively, you can use the [Kata containers QEMU](https://github.com/kata-containers/qemu/tree/master) and checkout the recommended branch:
+Kata Containers makes use of upstream QEMU branch. The exact version
+and repository utilized can be found by looking at the [versions file](../versions.yaml).

-```
-$ go get -d github.com/kata-containers/qemu
-$ qemu_branch=$(grep qemu-lite- ${GOPATH}/src/github.com/kata-containers/kata-containers/versions.yaml | cut -d '"' -f2)
-$ cd ${GOPATH}/src/github.com/kata-containers/qemu
-$ git checkout -b $qemu_branch remotes/origin/$qemu_branch
-$ your_qemu_directory=${GOPATH}/src/github.com/kata-containers/qemu
-```
-
-To build a version of QEMU using the same options as the default `qemu-lite` version , you could use the `configure-hypervisor.sh` script:
+Kata often utilizes patches for not-yet-upstream fixes for components,
+including QEMU. These can be found in the [packaging/QEMU directory](../tools/packaging/qemu/patches)

+To build utilizing the same options as Kata, you should make use of the `configure-hypervisor.sh` script. For example:
 ```
 $ go get -d github.com/kata-containers/kata-containers/tools/packaging
 $ cd $your_qemu_directory
@@ -407,6 +403,8 @@ $ make -j $(nproc)
 $ sudo -E make install
 ```

+See the [static-build script for QEMU](../tools/packaging/static-build/qemu/build-static-qemu.sh) for a reference on how to get, setup, configure and build QEMU for Kata.
+
 ### Build a custom QEMU for aarch64/arm64 - REQUIRED
 > **Note:**
 >
@@ -618,8 +616,11 @@ sudo sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.debug_cons
 > **Note** Ports 1024 and 1025 are reserved for communication with the agent
 > and gathering of agent logs respectively. 

-Next, connect to the debug console. The VSOCKS paths vary slightly between
-cloud-hypervisor and firecracker.
+##### Connecting to the debug console
+
+Next, connect to the debug console. The VSOCKS paths vary slightly between each
+VMM solution.
+
 In case of cloud-hypervisor, connect to the `vsock` as shown:
 ```
 $ sudo su -c 'cd /var/run/vc/vm/{sandbox_id}/root/ && socat stdin unix-connect:clh.sock'
@@ -636,6 +637,12 @@ CONNECT 1026

 **Note**: You need to press the `RETURN` key to see the shell prompt.

+
+For QEMU, connect to the `vsock` as shown:
+```
+$ sudo su -c 'cd /var/run/vc/vm/{sandbox_id} && socat "stdin,raw,echo=0,escape=0x11" "unix-connect:console.sock"
+```
+
 To disconnect from the virtual machine, type `CONTROL+q` (hold down the
 `CONTROL` key and press `q`).

--- a/docs/Limitations.md
+++ b/docs/Limitations.md
@@ -19,6 +19,8 @@
        * [Support for joining an existing VM network](#support-for-joining-an-existing-vm-network)
        * [docker --net=host](#docker---nethost)
        * [docker run --link](#docker-run---link)
+    * [Storage limitations](#storage-limitations)
+        * [Kubernetes `volumeMounts.subPaths`](#kubernetes-volumemountssubpaths)
    * [Host resource sharing](#host-resource-sharing)
        * [docker run --privileged](#docker-run---privileged)
 * [Miscellaneous](#miscellaneous)
@@ -216,6 +218,17 @@ Equivalent functionality can be achieved with the newer docker networking comman
 See more documentation at
 [docs.docker.com](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/).

+## Storage limitations
+
+### Kubernetes `volumeMounts.subPaths`
+
+Kubernetes `volumeMount.subPath` is not supported by Kata Containers at the
+moment.
+
+See [this issue](https://github.com/kata-containers/runtime/issues/2812) for more details.
+[Another issue](https://github.com/kata-containers/kata-containers/issues/1728) focuses on the case of `emptyDir`.
+
+
 ## Host resource sharing

 ### docker run --privileged
@@ -224,7 +237,7 @@ Privileged support in Kata is essentially different from `runc` containers.
 Kata does support `docker run --privileged` command, but in this case full access
 to the guest VM is provided in addition to some host access.

-The container runs with elevated capabilities within the guest and is granted 
+The container runs with elevated capabilities within the guest and is granted
 access to guest devices instead of the host devices.
 This is also true with using `securityContext privileged=true` with Kubernetes.

--- a/docs/README.md
+++ b/docs/README.md
@@ -48,6 +48,7 @@ Documents that help to understand and contribute to Kata Containers.
 ### Design and Implementations

 * [Kata Containers Architecture](design/architecture.md): Architectural overview of Kata Containers
+* [Kata Containers E2E Flow](design/end-to-end-flow.md): The entire end-to-end flow of Kata Containers
 * [Kata Containers design](./design/README.md): More Kata Containers design documents

 ### How to Contribute
--- a/docs/Release-Process.md
+++ b/docs/Release-Process.md
@@ -79,9 +79,9 @@
  ```
  $ cd ${GOPATH}/src/github.com/kata-containers/kata-containers/tools/packaging/release
  # Note: OLD_VERSION is where the script should start to get changes.
-  $ ./runtime-release-notes.sh ${OLD_VERSION} ${NEW_VERSION} > notes.md
+  $ ./release-notes.sh ${OLD_VERSION} ${NEW_VERSION} > notes.md
  # Edit the `notes.md` file to review and make any changes to the release notes.
-  # Add the release notes in GitHub runtime.
+  # Add the release notes in the project's GitHub.
  $ hub release edit -F notes.md "${NEW_VERSION}"
  ```

--- a/docs/design/arch-images/katacontainers-e2e-with-bg.jpg
+++ b/docs/design/arch-images/katacontainers-e2e-with-bg.jpg
--- a/docs/design/arch-images/katacontainers-e2e.svg
+++ b/docs/design/arch-images/katacontainers-e2e.svg
--- a/docs/design/end-to-end-flow.md
+++ b/docs/design/end-to-end-flow.md
@@ -0,0 +1,4 @@
+# Kata Containers E2E Flow
+
+
+![Kata containers e2e flow](arch-images/katacontainers-e2e-with-bg.jpg)
--- a/docs/design/kata-api-design.md
+++ b/docs/design/kata-api-design.md
@@ -23,17 +23,17 @@ To fulfill the [Kata design requirements](kata-design-requirements.md), and base
 |`sandbox.Stats()`| Get the stats of a running sandbox, return a `SandboxStats` structure.|
 |`sandbox.Status()`| Get the status of the sandbox and containers, return a `SandboxStatus` structure.|
 |`sandbox.Stop(force)`| Stop a sandbox and Destroy the containers in the sandbox. When force is true, ignore guest related stop failures.|
-|`sandbox.CreateContainer(contConfig)`| Create new container in the sandbox with the `ContainerConfig` param. It will add new container config to `sandbox.config.Containers`.|
-|`sandbox.DeleteContainer(containerID)`| Delete a container from the sandbox by containerID, return a `Container` structure.|
+|`sandbox.CreateContainer(contConfig)`| Create new container in the sandbox with the `ContainerConfig` parameter. It will add new container config to `sandbox.config.Containers`.|
+|`sandbox.DeleteContainer(containerID)`| Delete a container from the sandbox by `containerID`, return a `Container` structure.|
 |`sandbox.EnterContainer(containerID, cmd)`| Run a new process in a container, executing customer's `types.Cmd` command.|
-|`sandbox.KillContainer(containerID, signal, all)`| Signal a container in the sandbox by the containerID.|
-|`sandbox.PauseContainer(containerID)`| Pause a running container in the sandbox by the containerID.|
+|`sandbox.KillContainer(containerID, signal, all)`| Signal a container in the sandbox by the `containerID`.|
+|`sandbox.PauseContainer(containerID)`| Pause a running container in the sandbox by the `containerID`.|
 |`sandbox.ProcessListContainer(containerID, options)`| List every process running inside a specific container in the sandbox, return a `ProcessList` structure.|
-|`sandbox.ResumeContainer(containerID)`| Resume a paused container in the sandbox by the containerID.|
-|`sandbox.StartContainer(containerID)`| Start a container in the sandbox by the containerID.|
+|`sandbox.ResumeContainer(containerID)`| Resume a paused container in the sandbox by the `containerID`.|
+|`sandbox.StartContainer(containerID)`| Start a container in the sandbox by the `containerID`.|
 |`sandbox.StatsContainer(containerID)`| Get the stats of a running container, return a `ContainerStats` structure.|
 |`sandbox.StatusContainer(containerID)`| Get the status of a container in the sandbox, return a `ContainerStatus` structure.|
-|`sandbox.StopContainer(containerID, force)`| Stop a container in the sandbox by the containerID.|
+|`sandbox.StopContainer(containerID, force)`| Stop a container in the sandbox by the `containerID`.|
 |`sandbox.UpdateContainer(containerID, resources)`| Update a running container in the sandbox.|
 |`sandbox.WaitProcess(containerID, processID)`| Wait on a process to terminate.|
 ### Sandbox Hotplug API
@@ -57,7 +57,7 @@ To fulfill the [Kata design requirements](kata-design-requirements.md), and base
 |Name|Description|
 |---|---|
 |`sandbox.GetOOMEvent()`| Monitor the OOM events that occur in the sandbox..|
-|`sandbox.UpdateRuntimeMetrics()`| Update the shim/hypervisor's metrics of the running sandbox.|
+|`sandbox.UpdateRuntimeMetrics()`| Update the shim/`hypervisor`'s metrics of the running sandbox.|
 |`sandbox.GetAgentMetrics()`| Get metrics of the agent and the guest in the running sandbox.|

 ## Plugin framework for external proprietary Kata runtime extensions
--- a/docs/how-to/README.md
+++ b/docs/how-to/README.md
@@ -14,8 +14,17 @@
 - [How to import Kata Containers logs into Fluentd](how-to-import-kata-logs-with-fluentd.md)

 ## Hypervisors Integration
+
+  Currently supported hypervisors with Kata Containers include:
+- `qemu`
+- `cloud-hypervisor`
+- `firecracker`
+- `ACRN`
+
+  While `qemu` and `cloud-hypervisor` work out of the box with installation of Kata,
+  some additional configuration is needed in case of `firecracker` and `ACRN`.
+  Refer to the following guides for additional configuration steps:
 - [Kata Containers with Firecracker](https://github.com/kata-containers/documentation/wiki/Initial-release-of-Kata-Containers-with-Firecracker-support)
- [Kata Containers with NEMU](how-to-use-kata-containers-with-nemu.md)
 - [Kata Containers with ACRN Hypervisor](how-to-use-kata-containers-with-acrn.md)

 ## Advanced Topics
--- a/docs/how-to/how-to-import-kata-logs-with-fluentd.md
+++ b/docs/how-to/how-to-import-kata-logs-with-fluentd.md
@@ -185,7 +185,7 @@ in Kibana:
 ![Kata tags in EFK](./images/efk_syslog_entry_detail.png).

 We can however further sub-parse the Kata entries using the
-[Fluentd plugins](https://docs.fluentbit.io/manual/parser/logfmt) that will parse
+[Fluentd plugins](https://docs.fluentbit.io/manual/v/1.3/parser/logfmt) that will parse
 `logfmt` formatted data. We can utilise these to parse the sub-fields using a Fluentd filter
 section. At the same time, we will prefix the new fields with `kata_` to make it clear where
 they have come from:
--- a/docs/how-to/how-to-load-kernel-modules-with-kata.md
+++ b/docs/how-to/how-to-load-kernel-modules-with-kata.md
@@ -101,7 +101,7 @@ spec:
    tty: true
 ```

-> **Note**: To pass annotations to Kata containers, [cri must to be configurated correctly](how-to-set-sandbox-config-kata.md#cri-configuration)
+> **Note**: To pass annotations to Kata containers, [`CRI` must to be configured correctly](how-to-set-sandbox-config-kata.md#cri-configuration)

 [1]: ../../src/runtime
 [2]: ../../src/agent
--- a/docs/how-to/how-to-set-sandbox-config-kata.md
+++ b/docs/how-to/how-to-set-sandbox-config-kata.md
@@ -80,6 +80,8 @@ There are several kinds of Kata configurations and they are listed below.

 In case of CRI-O, all annotations specified in the pod spec are passed down to Kata.

+# containerd Configuration
+
 For containerd, annotations specified in the pod spec are passed down to Kata
 starting with version `1.3.0` of containerd. Additionally, extra configuration is
 needed for containerd, by providing a `pod_annotations` field in the containerd config
@@ -92,11 +94,9 @@ for passing annotations to Kata from containerd:
 $ cat /etc/containerd/config
 ....

-[plugins.cri.containerd.runtimes.kata]
-           runtime_type = "io.containerd.runc.v1"
+         [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
+           runtime_type = "io.containerd.kata.v2"
           pod_annotations = ["io.katacontainers.*"]
-           [plugins.cri.containerd.runtimes.kata.options]
-             BinaryName = "/usr/bin/kata-runtime"
 ....

 ```
--- a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md
+++ b/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md
@@ -7,9 +7,10 @@
    * [Configure Kubelet to use containerd](#configure-kubelet-to-use-containerd)
    * [Configure HTTP proxy - OPTIONAL](#configure-http-proxy---optional)
 * [Start Kubernetes](#start-kubernetes)
-* [Install a Pod Network](#install-a-pod-network)
+* [Configure Pod Network](#configure-pod-network)
 * [Allow pods to run in the master node](#allow-pods-to-run-in-the-master-node)
-* [Create an untrusted pod using Kata Containers](#create-an-untrusted-pod-using-kata-containers)
+* [Create runtime class for Kata Containers](#create-runtime-class-for-kata-containers)
+* [Run pod in Kata Containers](#run-pod-in-kata-containers)
 * [Delete created pod](#delete-created-pod)

 This document describes how to set up a single-machine Kubernetes (k8s) cluster.
@@ -18,9 +19,6 @@ The Kubernetes cluster will use the
 [CRI containerd plugin](https://github.com/containerd/cri) and
 [Kata Containers](https://katacontainers.io) to launch untrusted workloads.

-For Kata Containers 1.5.0-rc2 and above, we will use `containerd-shim-kata-v2` (short as `shimv2` in this documentation)
-to launch Kata Containers. For the previous version of Kata Containers, the Pods are launched with `kata-runtime`.
-
 ## Requirements

 - Kubernetes, Kubelet, `kubeadm`
@@ -125,43 +123,33 @@ $ sudo systemctl daemon-reload
  $ sudo -E kubectl get pods
  ```

-## Install a Pod Network
+## Configure Pod Network

 A pod network plugin is needed to allow pods to communicate with each other.
+You can find more about CNI plugins from the [Creating a cluster with `kubeadm`](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#instructions) guide.

- Install the `flannel` plugin by following the
-  [Using `kubeadm` to Create a Cluster](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#instructions)
-  guide, starting from the **Installing a pod network** section.
-
- Create a pod network using flannel
-
-  > **Note:** There is no known way to determine programmatically the best version (commit) to use.
-  > See https://github.com/coreos/flannel/issues/995.
+By default the CNI plugin binaries is installed under `/opt/cni/bin` (in package `kubernetes-cni`), you only need to create a configuration file for CNI plugin.

  ```bash
-  $ sudo -E kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
-  ```
+  $ sudo -E mkdir -p /etc/cni/net.d

- Wait for the pod network to become available
-
-  ```bash
-  # number of seconds to wait for pod network to become available
-  $ timeout_dns=420
-
-  $ while [ "$timeout_dns" -gt 0 ]; do
-      if sudo -E kubectl get pods --all-namespaces | grep dns | grep Running; then
-          break
-      fi
-
-      sleep 1s
-      ((timeout_dns--))
-   done
-  ```
-
- Check the pod network is running
-
-  ```bash
-  $ sudo -E kubectl get pods --all-namespaces | grep dns | grep Running && echo "OK" || ( echo "FAIL" && false )
+  $ sudo -E cat > /etc/cni/net.d/10-mynet.conf <<EOF
+  {
+    "cniVersion": "0.2.0",
+    "name": "mynet",
+    "type": "bridge",
+    "bridge": "cni0",
+    "isGateway": true,
+    "ipMasq": true,
+    "ipam": {
+      "type": "host-local",
+      "subnet": "172.19.0.0/24",
+      "routes": [
+        { "dst": "0.0.0.0/0" }
+      ]
+    }
+  }
+  EOF
  ```

 ## Allow pods to run in the master node
@@ -172,24 +160,38 @@ By default, the cluster will not schedule pods in the master node. To enable mas
 $ sudo -E kubectl taint nodes --all node-role.kubernetes.io/master-
 ```

-## Create an untrusted pod using Kata Containers
+## Create runtime class for Kata Containers

 By default, all pods are created with the default runtime configured in CRI containerd plugin.
+From Kubernetes v1.12, users can use [`RuntimeClass`](https://kubernetes.io/docs/concepts/containers/runtime-class/#runtime-class) to specify a different runtime for Pods.

-If a pod has the `io.kubernetes.cri.untrusted-workload` annotation set to `"true"`, the CRI plugin runs the pod with the
+```bash
+$ cat > runtime.yaml <<EOF
+apiVersion: node.k8s.io/v1beta1
+kind: RuntimeClass
+metadata:
+  name: kata
+handler: kata
+EOF
+
+$ sudo -E kubectl apply -f runtime.yaml
+```
+
+## Run pod in Kata Containers
+
+If a pod has the `runtimeClassName` set to `kata`, the CRI plugin runs the pod with the
 [Kata Containers runtime](../../src/runtime/README.md).

- Create an untrusted pod configuration
+- Create an pod configuration that using Kata Containers runtime

  ```bash
-  $ cat << EOT | tee nginx-untrusted.yaml
+  $ cat << EOT | tee nginx-kata.yaml
  apiVersion: v1
  kind: Pod
  metadata:
-    name: nginx-untrusted
-    annotations:
-      io.kubernetes.cri.untrusted-workload: "true"
+    name: nginx-kata
  spec:
+    runtimeClassName: kata
    containers:
    - name: nginx
      image: nginx
@@ -197,9 +199,9 @@ If a pod has the `io.kubernetes.cri.untrusted-workload` annotation set to `"true
  EOT
  ```

- Create an untrusted pod
+- Create the pod
  ```bash
-  $ sudo -E kubectl apply -f nginx-untrusted.yaml
+  $ sudo -E kubectl apply -f nginx-kata.yaml
  ```

 - Check pod is running
@@ -216,5 +218,5 @@ If a pod has the `io.kubernetes.cri.untrusted-workload` annotation set to `"true
 ## Delete created pod

 ```bash
-$ sudo -E kubectl delete -f nginx-untrusted.yaml
+$ sudo -E kubectl delete -f nginx-kata.yaml
 ```
--- a/docs/how-to/how-to-use-kata-containers-with-nemu.md
+++ b/docs/how-to/how-to-use-kata-containers-with-nemu.md
@@ -1,115 +0,0 @@
-
-# Kata Containers with NEMU
-
-* [Introduction](#introduction)
-* [Pre-requisites](#pre-requisites)
-* [NEMU](#nemu)
-    * [Download and build](#download-and-build)
-        * [x86_64](#x86_64)
-        * [aarch64](#aarch64)
-* [Configure Kata Containers](#configure-kata-containers)
-
-Kata Containers relies by default on the QEMU hypervisor in order to spawn the virtual machines running containers. [NEMU](https://github.com/intel/nemu) is a fork of QEMU that:
- Reduces the number of lines of code.
- Removes all legacy devices.
- Reduces the emulation as far as possible.
-
-## Introduction
-
-This document describes how to run Kata Containers with NEMU, first by explaining how to download, build and install it. Then it walks through the steps needed to update your Kata Containers configuration in order to run with NEMU. 
-
-## Pre-requisites
-This document requires Kata Containers to be [installed](../install/README.md) on your system.
-
-Also, it's worth noting that NEMU only supports `x86_64` and `aarch64` architecture.
-
-## NEMU
-
-### Download and build
-
-```bash
-$ git clone https://github.com/intel/nemu.git
-$ cd nemu
-$ git fetch origin
-$ git checkout origin/experiment/automatic-removal
-```
-#### x86_64
-```
-$ SRCDIR=$PWD ./tools/build_x86_64_virt.sh
-```
-#### aarch64
-```
-$ SRCDIR=$PWD ./tools/build_aarch64.sh
-```
-
-> **Note:** The branch `experiment/automatic-removal` is a branch published by Jenkins after it has applied the automatic removal script to the `topic/virt-x86` branch. The purpose of this code removal being to reduce the source tree by removing files not being used by NEMU.
-
-After those commands have successfully returned, you will find the NEMU binary at `$HOME/build-x86_64_virt/x86_64_virt-softmmu/qemu-system-x86_64_virt` (__x86__), or `$HOME/build-aarch64/aarch64-softmmu/qemu-system-aarch64` (__ARM__).
-
-You also need the `OVMF` firmware in order to boot the virtual machine's kernel. It can currently be found at this [location](https://github.com/intel/ovmf-virt/releases).
-```bash
-$ sudo mkdir -p /usr/share/nemu
-$ OVMF_URL=$(curl -sL https://api.github.com/repos/intel/ovmf-virt/releases/latest | jq -S '.assets[0].browser_download_url')
-$ curl -o OVMF.fd -L $(sed -e 's/^"//' -e 's/"$//' <<<"$OVMF_URL")
-$ sudo install -o root -g root -m 0640 OVMF.fd /usr/share/nemu/
-```
-> **Note:** The OVMF firmware will be located at this temporary location until the changes can be pushed upstream.
-
-
-## Configure Kata Containers
-All you need from this section is to modify the configuration file `/usr/share/defaults/kata-containers/configuration.toml` to specify the options related to the hypervisor.
-
-
-```diff
- [hypervisor.qemu]
-path = "/usr/bin/qemu-lite-system-x86_64"
-+path = "/home/foo/build-x86_64_virt/x86_64_virt-softmmu/qemu-system-x86_64_virt"
- kernel = "/usr/share/kata-containers/vmlinuz.container"
- initrd = "/usr/share/kata-containers/kata-containers-initrd.img"
- image = "/usr/share/kata-containers/kata-containers.img"
-machine_type = "pc"
-+machine_type = "virt"
- 
- # Optional space-separated list of options to pass to the guest kernel.
- # For example, use `kernel_params = "vsyscall=emulate"` if you are having
-@@ -31,7 +31,7 @@
- 
- # Path to the firmware.
- # If you want that qemu uses the default firmware leave this option empty
-firmware = ""
-+firmware = "/usr/share/nemu/OVMF.fd"
- 
- # Machine accelerators
- # comma-separated list of machine accelerators to pass to the hypervisor.
-```
-
-As you can see from this snippet above, all you need to change is:
- The path to the hypervisor binary, `/home/foo/build-x86_64_virt/x86_64_virt-softmmu/qemu-system-x86_64_virt` in this example.
- The machine type from `pc` to `virt`.
- The path to the firmware binary, `/usr/share/nemu/OVMF.fd` in this example.
-
-Once you have saved those modifications, you can start a new container:
-```bash
-$ docker run --runtime=kata-runtime -it busybox
-```
-And you will be able to verify this new container is running with the NEMU hypervisor by looking for the hypervisor path and the machine type from the `qemu` process running on your system:
-```bash
-$ ps -aux | grep qemu
-root ... /home/foo/build-x86_64_virt/x86_64_virt-softmmu/qemu-system-x86_64_virt
-...  -machine virt,accel=kvm,kernel_irqchip,nvdimm ...
-```
-
-Also relying on `kata-runtime kata-env` is a reliable way to validate you are using the expected hypervisor:
-```bash
-$ kata-runtime kata-env | awk -v RS= '/\[Hypervisor\]/'
-[Hypervisor]
-  MachineType = "virt"
-  Version = "NEMU (like QEMU) version 3.0.0 (v3.0.0-179-gaf9a791)\nCopyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers"
-  Path = "/home/foo/build-x86_64_virt/x86_64_virt-softmmu/qemu-system-x86_64_virt"
-  BlockDeviceDriver = "virtio-scsi"
-  EntropySource = "/dev/urandom"
-  Msize9p = 8192
-  MemorySlots = 10
-  Debug = true
-  UseVSock = false
-```
--- a/docs/how-to/how-to-use-virtio-fs-with-kata.md
+++ b/docs/how-to/how-to-use-virtio-fs-with-kata.md
@@ -1,61 +1,12 @@
 # Kata Containers with virtio-fs

- [Introduction](#introduction)
- [Pre-requisites](#pre-requisites)
- [Install Kata Containers with virtio-fs support](#install-kata-containers-with-virtio-fs-support)
- [Run a Kata Container utilizing virtio-fs](#run-a-kata-container-utilizing-virtio-fs)
+- [Kata Containers with virtio-fs](#kata-containers-with-virtio-fs)
+  - [Introduction](#introduction)

 ## Introduction

 Container deployments utilize explicit or implicit file sharing between host filesystem and containers. From a trust perspective, avoiding a shared file-system between the trusted host and untrusted container is recommended. This is not always feasible. In Kata Containers, block-based volumes are preferred as they allow usage of either device pass through or `virtio-blk` for access within the virtual machine.

-As of the 1.7 release of Kata Containers, [9pfs](https://www.kernel.org/doc/Documentation/filesystems/9p.txt) is the default filesystem sharing mechanism. While this does allow for workload compatibility, it does so with degraded performance and potential for POSIX compliance limitations.
+As of the 2.0 release of Kata Containers, [virtio-fs](https://virtio-fs.gitlab.io/) is the default filesystem sharing mechanism.

-To help address these limitations, [virtio-fs](https://virtio-fs.gitlab.io/) has been developed. virtio-fs is a shared file system that lets virtual machines access a directory tree on the host. In Kata Containers, virtio-fs can be used to share container volumes, secrets, config-maps, configuration files (hostname, hosts, `resolv.conf`) and the container rootfs on the host with the guest.  virtio-fs provides significant performance and POSIX compliance improvements compared to 9pfs.
-
-Enabling of virtio-fs requires changes in the guest kernel as well as the VMM. For Kata Containers, experimental virtio-fs support is enabled through `qemu` and `cloud-hypervisor` VMMs.
-
-**Note: virtio-fs support is experimental in the 1.7 release of Kata Containers. Work is underway to improve stability, performance and upstream integration. This is available for early preview - use at your own risk**
-
-This document describes how to get Kata Containers to work with virtio-fs.
-
-## Pre-requisites
-
-Before Kata 1.8 this feature required the host to have hugepages support enabled. Enable this with the `sysctl vm.nr_hugepages=1024` command on the host.In later versions of Kata, virtio-fs leverages `/dev/shm` as the shared memory backend. The default size of `/dev/shm` on a system is typically half of the total system memory. This can pose a physical limit to the maximum number of pods that can be launched with virtio-fs. This can be overcome by increasing the size of `/dev/shm` as shown below:
-
-```bash
-$ mount -o remount,size=${desired_shm_size} /dev/shm
-```
- 
-## Install Kata Containers with virtio-fs support
-
-The Kata Containers `qemu` configuration with virtio-fs and the `virtiofs` daemon are available in the [Kata Container release](https://github.com/kata-containers/runtime/releases) artifacts starting with the 1.9 release. Installation is available through [distribution packages](https://github.com/kata-containers/documentation/blob/master/install/README.md#supported-distributions) as well through [`kata-deploy`](https://github.com/kata-containers/packaging/tree/master/kata-deploy).
-
-**Note: Support for virtio-fs was first introduced in `NEMU` hypervisor in Kata 1.8 release. This hypervisor has been deprecated.**
-
-Install the latest release of Kata with `kata-deploy` as follows:
-```
-docker run --runtime=runc -v /opt/kata:/opt/kata -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd -v /etc/docker:/etc/docker -it katadocker/kata-deploy kata-deploy-docker install
-```
-
-This will place the Kata release artifacts in `/opt/kata`, and update Docker's configuration to include a runtime target, `kata-qemu-virtiofs`. Learn more about `kata-deploy` and how to use `kata-deploy` in Kubernetes [here](https://github.com/kata-containers/packaging/tree/master/kata-deploy#kubernetes-quick-start).
-
-## Run a Kata Container utilizing virtio-fs
-
-Once installed, start a new container, utilizing `qemu` + `virtiofs`:
-```bash
-$ docker run --runtime=kata-qemu-virtiofs -it busybox
-```
-
-Verify the new container is running with the `qemu` hypervisor as well as using `virtiofsd`. To do this look for the hypervisor path and the `virtiofs` daemon process on the host:
-```bash
-$ ps -aux | grep virtiofs
-root ... /home/foo/build-x86_64_virt/x86_64_virt-softmmu/qemu-system-x86_64_virt
-...  -machine virt,accel=kvm,kernel_irqchip,nvdimm ...
-root ... /home/foo/build-x86_64_virt/virtiofsd-x86_64 ...
-```
-
-You can also try out virtio-fs using `cloud-hypervisor` VMM:
-```bash
-$ docker run --runtime=kata-clh -it busybox
-```
+virtio-fs support works out of the box for `cloud-hypervisor` and `qemu`, when Kata Containers is deployed using `kata-deploy`. Learn more about `kata-deploy` and how to use `kata-deploy` in Kubernetes [here](https://github.com/kata-containers/packaging/tree/master/kata-deploy#kubernetes-quick-start).
--- a/docs/install/README.md
+++ b/docs/install/README.md
@@ -52,7 +52,6 @@ Kata packages are provided by official distribution repositories for:
 | [CentOS](centos-installation-guide.md)                   | 8                                                                              |
 | [Fedora](fedora-installation-guide.md)                   | 32, Rawhide                                                                    |
 | [openSUSE](opensuse-installation-guide.md)               | [Leap 15.1](opensuse-leap-15.1-installation-guide.md)<br>Leap 15.2, Tumbleweed |
-| [SUSE Linux Enterprise (SLE)](sle-installation-guide.md) | SLE 15 SP1, 15 SP2                                                             |

 > **Note::**
 >
--- a/docs/install/centos-installation-guide.md
+++ b/docs/install/centos-installation-guide.md
@@ -3,15 +3,9 @@
 1. Install the Kata Containers components with the following commands:

   ```bash
+   $ sudo -E dnf install -y centos-release-advanced-virtualization
+   $ sudo -E dnf module disable -y virt:rhel
   $ source /etc/os-release
-   $ cat <<EOF | sudo -E tee /etc/yum.repos.d/advanced-virt.repo
-     [advanced-virt]
-     name=Advanced Virtualization
-     baseurl=http://mirror.centos.org/\$contentdir/\$releasever/virt/\$basearch/advanced-virtualization
-     enabled=1
-     gpgcheck=1
-     skip_if_unavailable=1
-     EOF
   $ cat <<EOF | sudo -E tee /etc/yum.repos.d/kata-containers.repo
     [kata-containers]
     name=Kata Containers
@@ -20,8 +14,7 @@
     gpgcheck=1
     skip_if_unavailable=1
     EOF
-   $ sudo -E dnf module disable -y virt:rhel
-   $ sudo -E dnf install -y kata-runtime
+   $ sudo -E dnf install -y kata-containers
   ```

 2. Decide which container manager to use and select the corresponding link that follows:
--- a/docs/install/fedora-installation-guide.md
+++ b/docs/install/fedora-installation-guide.md
@@ -3,7 +3,7 @@
 1. Install the Kata Containers components with the following commands:

   ```bash
-   $ sudo -E dnf -y install kata-runtime
+   $ sudo -E dnf -y install kata-containers
   ```

 2. Decide which container manager to use and select the corresponding link that follows:
--- a/docs/install/sle-installation-guide.md
+++ b/docs/install/sle-installation-guide.md
@@ -1,13 +0,0 @@
-# Install Kata Containers on SLE
-
-1. Install the Kata Containers components with the following commands:
-
-   ```bash
-   $ source /etc/os-release
-   $ DISTRO_VERSION=$(sed "s/-/_/g" <<< "$VERSION")
-   $ sudo -E zypper addrepo --refresh "https://download.opensuse.org/repositories/devel:/kubic/SLE_${DISTRO_VERSION}_Backports/devel:kubic.repo"
-   $ sudo -E zypper -n --gpg-auto-import-keys install katacontainers
-   ```
-
-2. Decide which container manager to use and select the corresponding link that follows:
-   - [Kubernetes](../Developer-Guide.md#run-kata-containers-with-kubernetes)
--- a/docs/install/snap-installation-guide.md
+++ b/docs/install/snap-installation-guide.md
@@ -1,13 +1,58 @@
-# Install Kata Containers from `snapcraft.io`
+# Kata Containers snap package
+
+* [Install Kata Containers](#install-kata-containers)
+* [Configure Kata Containers](#configure-kata-containers)
+* [Integration with shim v2 Container Engines](#integration-with-shim-v2-container-engines)
+* [Remove Kata Containers snap package](#remove-kata-containers-snap-package)
+
+
+## Install Kata Containers

 Kata Containers can be installed in any Linux distribution that supports
 [snapd](https://docs.snapcraft.io/installing-snapd).

-Run the following command to install Kata Containers:
+Run the following command to install **Kata Containers**:

-   ```bash
-   $ sudo snap install kata-containers --classic
-   ```
+```sh
+$ sudo snap install kata-containers --candidate --classic
+```

-For further information on integrating and configuring the `snap` Kata Containers install,
-refer to the [Kata Containers packaging `snap` documentation](https://github.com/kata-containers/packaging/blob/master/snap/README.md#configure-kata-containers).
+## Configure Kata Containers
+
+By default Kata Containers snap image is mounted at `/snap/kata-containers` as a
+read-only file system, therefore default configuration file can not be edited.
+Fortunately Kata Containers supports loading a configuration file from another
+path than the default.
+
+```sh
+$ sudo mkdir -p /etc/kata-containers
+$ sudo cp /snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
+$ $EDITOR /etc/kata-containers/configuration.toml
+```
+
+## Integration with shim v2 Container Engines
+
+The Container engine daemon (`cri-o`, `containerd`, etc) needs to be able to find the
+`containerd-shim-kata-v2` binary to allow Kata Containers to be created.
+Run the following command to create a symbolic link to the shim v2 binary.
+
+```sh
+$ sudo ln -sf /snap/kata-containers/current/usr/bin/containerd-shim-kata-v2 /usr/local/bin/containerd-shim-kata-v2
+```
+
+Once the symbolic link has been created and the engine daemon configured, `io.containerd.kata.v2`
+can be used as runtime.
+
+Read the following documents to know how to run Kata Containers 2.x with `containerd`.
+
+* [How to use Kata Containers and Containerd](https://github.com/kata-containers/kata-containers/blob/main/docs/how-to/containerd-kata.md)
+* [Install Kata Containers with containerd](https://github.com/kata-containers/kata-containers/blob/main/docs/install/container-manager/containerd/containerd-install.md)
+
+
+## Remove Kata Containers snap package
+
+Run the following command to remove the Kata Containers snap:
+
+```sh
+$ sudo snap remove kata-containers
+```
--- a/docs/install/ubuntu-installation-guide.md
+++ b/docs/install/ubuntu-installation-guide.md
@@ -1,15 +0,0 @@
-# Install Kata Containers on Ubuntu
-
-1. Install the Kata Containers components with the following commands:
-
-   ```bash
-   $ ARCH=$(arch)
-   $ BRANCH="${BRANCH:-master}"
-   $ sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
-   $ curl -sL  http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
-   $ sudo -E apt-get update
-   $ sudo -E apt-get -y install kata-runtime kata-proxy kata-shim
-   ```
-
-2. Decide which container manager to use and select the corresponding link that follows:
-   - [Kubernetes](../Developer-Guide.md#run-kata-containers-with-kubernetes)
--- a/docs/use-cases/zun_kata.md
+++ b/docs/use-cases/zun_kata.md
@@ -10,9 +10,6 @@ Currently, the instructions are based on the following links:

 - https://docs.openstack.org/zun/latest/admin/clear-containers.html

- ../install/ubuntu-installation-guide.md
-
-
 ## Install Git to use with DevStack

 ```sh
@@ -54,7 +51,7 @@ $ zun delete test

 ## Install Kata Containers

-Follow [these instructions](../install/ubuntu-installation-guide.md)
+Follow [these instructions](../install/README.md)
 to install the Kata Containers components.

 ## Update Docker with new Kata Containers runtime
--- a/pkg/logging/src/lib.rs
+++ b/pkg/logging/src/lib.rs
@@ -93,9 +93,7 @@ impl HashSerializer {
        // Take care to only add the first instance of a key. This matters for loggers (but not
        // Records) since a child loggers have parents and the loggers are serialised child first
        // meaning the *newest* fields are serialised first.
-        if !self.fields.contains_key(&key) {
-            self.fields.insert(key, value);
-        }
+        self.fields.entry(key).or_insert(value);
    }

    fn remove_field(&mut self, key: &str) {
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -21,20 +21,10 @@ parts:
      version="9999"
      kata_url="https://github.com/kata-containers/kata-containers"

-      image_info="${SNAPCRAFT_IMAGE_INFO:-}"
-      snap_env="$(echo "${image_info}" | egrep -o "build_url.*" | egrep -o "snap.*build" | cut -d/ -f2)"
-
-      case "${snap_env}" in
-        stable)
-          # Get the latest stable version
-          version=$(git ls-remote --tags ${kata_url}  | egrep -o "refs.*" | egrep -v "\-alpha|\-rc|{}" | egrep -o "[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+" | sort -V -r | head -1)
-          git checkout ${version}
-        ;;
-
-        *-dev)
-          version="${snap_env}"
-        ;;
-      esac
+      if echo "${GITHUB_REF}" | grep -q -E "^refs/tags"; then
+        version=$(echo ${GITHUB_REF} | cut -d/ -f3)
+        git checkout ${version}
+      fi

      snapcraftctl set-grade "stable"
      snapcraftctl set-version "${version}"
@@ -67,15 +57,10 @@ parts:
        *) echo "unsupported architecture: $(uname -m)"; exit 1;;
      esac

-      # Workaround to get latest release from github (to not use github token).
-      # Get the redirection to latest release on github.
-      yq_latest_url=$(curl -Ls -o /dev/null -w %{url_effective} "https://${yq_pkg}/releases/latest")
-      # The redirected url should include the latest release version
-      # https://github.com/mikefarah/yq/releases/tag/<VERSION-HERE>
-      yq_version=$(basename "${yq_latest_url}")
+      yq_version=3.4.1
      yq_url="https://${yq_pkg}/releases/download/${yq_version}/yq_${goos}_${goarch}"
-      curl -o "${yq_path}" -LSsf ${yq_url}
-      chmod +x ${yq_path}
+      curl -o "${yq_path}" -LSsf "${yq_url}"
+      chmod +x "${yq_path}"

      kata_dir=gopath/src/github.com/${SNAPCRAFT_PROJECT_NAME}/${SNAPCRAFT_PROJECT_NAME}
      version="$(${yq_path} r ${kata_dir}/versions.yaml languages.golang.meta.newest-version)"
@@ -84,7 +69,7 @@ parts:
      tar -xf ${tarfile} --strip-components=1

  image:
-    after: [godeps]
+    after: [godeps, qemu, kernel]
    plugin: nil
    build-packages:
      - docker.io
@@ -104,6 +89,8 @@ parts:
      export GOROOT=${SNAPCRAFT_STAGE}
      export PATH="${GOROOT}/bin:${PATH}"

+      http_proxy=${http_proxy:-""}
+      https_proxy=${https_proxy:-""}
      if [ -n "$http_proxy" ]; then
        echo "Setting proxy $http_proxy"
        sudo -E systemctl set-environment http_proxy=$http_proxy || true
@@ -184,7 +171,7 @@ parts:
      fi

  kernel:
-    after: [godeps, image]
+    after: [godeps]
    plugin: nil
    build-packages:
      - libelf-dev
@@ -198,8 +185,8 @@ parts:

      cd ${kata_dir}/tools/packaging/kernel

-      # Say 'no' to everithing, fix issues with incomplete .config files
-      yes "n" | ./build-kernel.sh setup
+      # Setup and build kernel
+      ./build-kernel.sh -d setup
      kernel_dir_prefix="kata-linux-"
      cd ${kernel_dir_prefix}*
      version=$(basename ${PWD} | sed 's|'"${kernel_dir_prefix}"'||' | cut -d- -f1)
@@ -221,7 +208,7 @@ parts:

  qemu:
    plugin: make
-    after: [godeps, runtime]
+    after: [godeps]
    build-packages:
      - gcc
      - python3
--- a/src/agent/.gitignore
+++ b/src/agent/.gitignore
@@ -0,0 +1 @@
+tarpaulin-report.html
--- a/src/agent/.rustfmt.toml
+++ b/src/agent/.rustfmt.toml
@@ -0,0 +1 @@
+edition = "2018"
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -1,31 +1,46 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
 [[package]]
-name = "adler32"
-version = "1.0.4"
+name = "addr2line"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d2e7343e7fc9de883d1b0341e0b13970f764c14101234857d2ddafa1cb1cac2"
+checksum = "1b6a2d3371669ab3ca9797670853d61402b03d0b4b9ebf33d677dfa720203072"
+dependencies = [
+ "gimli",
+]
+
+[[package]]
+name = "adler"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee2a4ec343196209d6594e19543ae87a39f96d5534d7174822a3ad825dd6ed7e"
+
+[[package]]
+name = "adler32"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234"

 [[package]]
 name = "aho-corasick"
-version = "0.7.10"
+version = "0.7.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8716408b8bc624ed7f65d223ddb9ac2d044c0547b6fa4b0d554f3a9540496ada"
+checksum = "b476ce7103678b0c6d3d395dbbae31d48ff910bd28be979ba5d48c6351131d0d"
 dependencies = [
 "memchr",
 ]

 [[package]]
 name = "anyhow"
-version = "1.0.32"
+version = "1.0.33"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b602bfe940d21c130f3895acd65221e8a61270debe89d628b9cb4e3ccb8569b"
+checksum = "a1fd36ffbb1fb7c834eac128ea8d0e310c5aeb635548f9d58861e1308d46e71c"

 [[package]]
 name = "arc-swap"
-version = "0.4.6"
+version = "0.4.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b585a98a234c46fc563103e9278c9391fde1f4e6850334da895d27edb9580f62"
+checksum = "4d25d88fd6b8041580a654f9d0c581a047baee2b3efee13275f2fc392fc75034"

 [[package]]
 name = "arrayref"
@@ -41,15 +56,29 @@ checksum = "cff77d8686867eceff3105329d4698d96c2391c176d5d03adc90c7389162b5b8"

 [[package]]
 name = "autocfg"
-version = "1.0.0"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d"
+checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
+
+[[package]]
+name = "backtrace"
+version = "0.3.53"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "707b586e0e2f247cbde68cdd2c3ce69ea7b7be43e1c5b426e37c9319c4b9838e"
+dependencies = [
+ "addr2line",
+ "cfg-if 1.0.0",
+ "libc",
+ "miniz_oxide",
+ "object",
+ "rustc-demangle",
+]

 [[package]]
 name = "base64"
-version = "0.11.0"
+version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b41b7ea54a0c9d92199de89e20e58d49f02f8e699814ef3fdf266f6f748d15c7"
+checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff"

 [[package]]
 name = "bitflags"
@@ -74,6 +103,16 @@ version = "1.3.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de"

+[[package]]
+name = "bytes"
+version = "0.4.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "206fdffcfa2df7cbe15601ef46c813fce0965eb3286db6b56c583b814b51c81c"
+dependencies = [
+ "byteorder",
+ "iovec",
+]
+
 [[package]]
 name = "caps"
 version = "0.3.4"
@@ -87,9 +126,9 @@ dependencies = [

 [[package]]
 name = "cc"
-version = "1.0.54"
+version = "1.0.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7bbb73db36c1246e9034e307d0fba23f9a2e251faa47ade70c1bd252220c8311"
+checksum = "ed67cbde08356238e75fc4656be4749481eeffb09e19f320a25237d5221c985d"

 [[package]]
 name = "cfg-if"
@@ -97,6 +136,12 @@ version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"

+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
 [[package]]
 name = "cgroups"
 version = "0.1.1-alpha.0"
@@ -110,13 +155,15 @@ dependencies = [

 [[package]]
 name = "chrono"
-version = "0.4.11"
+version = "0.4.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "80094f509cf8b5ae86a4966a39b3ff66cd7e2a3e594accec3743ff3fabeab5b2"
+checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
 dependencies = [
+ "libc",
 "num-integer",
 "num-traits",
 "time",
+ "winapi",
 ]

 [[package]]
@@ -140,14 +187,14 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba125de2af0df55319f41944744ad91c71113bf74a4646efff39afe1f6842db1"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 ]

 [[package]]
 name = "crossbeam-channel"
-version = "0.4.2"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cced8691919c02aac3cb0a1bc2e9b73d89e832bf9a06fc579d4e71b68a2da061"
+checksum = "b153fe7cbef478c567df0f972e02e6d736db11affe43dfc9c56a9374d1adfb87"
 dependencies = [
 "crossbeam-utils",
 "maybe-uninit",
@@ -160,10 +207,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c3c7c73a2d1e9fc0886a08b93e98eb643461230d5f1925e4036204d5f2e261a8"
 dependencies = [
 "autocfg",
- "cfg-if",
+ "cfg-if 0.1.10",
 "lazy_static",
 ]

+[[package]]
+name = "derive-new"
+version = "0.5.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "71f31892cd5c62e414316f2963c5689242c43d8e7bbcaaeca97e5e28c95d91d9"
+dependencies = [
+ "proc-macro2 1.0.24",
+ "quote 1.0.7",
+ "syn 1.0.45",
+]
+
 [[package]]
 name = "dirs"
 version = "3.0.1"
@@ -185,10 +243,16 @@ dependencies = [
 ]

 [[package]]
-name = "errno"
-version = "0.2.5"
+name = "either"
+version = "1.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b480f641ccf0faf324e20c1d3e53d81b7484c698b42ea677f6907ae4db195371"
+checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
+
+[[package]]
+name = "errno"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6eab5ee3df98a279d9b316b1af6ac95422127b1290317e6d18c1743c99418b01"
 dependencies = [
 "errno-dragonfly",
 "libc",
@@ -207,13 +271,28 @@ dependencies = [

 [[package]]
 name = "error-chain"
-version = "0.12.2"
+version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d371106cc88ffdfb1eabd7111e432da544f16f3e2d7bf1dfe8bf575f1df045cd"
+checksum = "2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc"
 dependencies = [
 "version_check",
 ]

+[[package]]
+name = "failure"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86"
+dependencies = [
+ "backtrace",
+]
+
+[[package]]
+name = "fixedbitset"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "86d4de0081402f5e88cdac65c8dcdcc73118c1a7a465e2a05f0da05843a8ea33"
+
 [[package]]
 name = "fnv"
 version = "1.0.7"
@@ -222,9 +301,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"

 [[package]]
 name = "futures"
-version = "0.1.29"
+version = "0.1.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b980f2816d6ee8673b6517b52cb0e808a180efc92e5c19d02cdda79066703ef"
+checksum = "4c7e4c2612746b0df8fed4ce0c69156021b704c9aefa360311c04e6e9e002eed"

 [[package]]
 name = "gcc"
@@ -234,13 +313,28 @@ checksum = "8f5f3913fa0bfe7ee1fd8248b6b9f42a5af4b9d65ec2dd2c3c26132b950ecfc2"

 [[package]]
 name = "getrandom"
-version = "0.1.14"
+version = "0.1.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7abc8dd8451921606d809ba32e95b6111925cd2906060d2dcc29c070220503eb"
+checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 "libc",
- "wasi",
+ "wasi 0.9.0+wasi-snapshot-preview1",
+]
+
+[[package]]
+name = "gimli"
+version = "0.22.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aaf91faf136cb47367fa430cd46e37a788775e7fa104f8b4bcb3861dc389b724"
+
+[[package]]
+name = "heck"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "20564e78d53d2bb135c343b3f47714a56af2061f1c928fdb541dc7b9fdd94205"
+dependencies = [
+ "unicode-segmentation",
 ]

 [[package]]
@@ -250,10 +344,28 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35"

 [[package]]
-name = "itoa"
-version = "0.4.5"
+name = "iovec"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8b7a7c0c47db5545ed3fef7468ee7bb5b74691498139e4b3f6a20685dc6dd8e"
+checksum = "b2b3ea6ff95e175473f8ffe6a7eb7c00d054240321b84c57051175fe3c1e075e"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "itertools"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f56a2d0bc861f9165be4eb3442afd3c236d8a98afd426f65d92324ae1091a484"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "itoa"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc6f3ad7b9d11a0c00842ff8de1b60ee58661048eb8049ed33c73594f359d7e6"

 [[package]]
 name = "kata-agent"
@@ -292,15 +404,15 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"

 [[package]]
 name = "libc"
-version = "0.2.77"
+version = "0.2.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2f96b10ec2560088a8e76961b00d47107b3a625fecb76dedb29ee7ccbf98235"
+checksum = "2448f6066e80e3bfc792e9c98bf705b4b0fc6e8ef5b43e5889aff0eaa9c58743"

 [[package]]
 name = "libflate"
-version = "1.0.0"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1fbe6b967a94346446d37ace319ae85be7eca261bb8149325811ac435d35d64"
+checksum = "e9bac9023e1db29c084f9f8cd9d3852e5e8fddf98fb47c4964a0ea4663d95949"
 dependencies = [
 "adler32",
 "crc32fast",
@@ -325,11 +437,11 @@ dependencies = [

 [[package]]
 name = "log"
-version = "0.4.8"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7"
+checksum = "4fabed175da42fed1fa0746b0ea71f412aa9d35e76e95e59b192c64b9dc2bf8b"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 ]

 [[package]]
@@ -355,6 +467,22 @@ version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400"

+[[package]]
+name = "miniz_oxide"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f2d26ec3309788e423cfbf68ad1800f061638098d76a83681af979dc4eda19d"
+dependencies = [
+ "adler",
+ "autocfg",
+]
+
+[[package]]
+name = "multimap"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2eb04b9f127583ed176e163fb9ec6f3e793b87e21deedd5734a69386a18a0151"
+
 [[package]]
 name = "netlink"
 version = "0.1.0"
@@ -375,7 +503,7 @@ checksum = "dd0eaf8df8bab402257e0a5c17a254e4cc1f72a93588a1ddfb5d356c801aa7cb"
 dependencies = [
 "bitflags",
 "cc",
- "cfg-if",
+ "cfg-if 0.1.10",
 "libc",
 "void",
 ]
@@ -388,7 +516,7 @@ checksum = "50e4785f2c3b7589a0d0c1dd60285e1188adac4006e8abd6dd578e1567027363"
 dependencies = [
 "bitflags",
 "cc",
- "cfg-if",
+ "cfg-if 0.1.10",
 "libc",
 "void",
 ]
@@ -401,15 +529,27 @@ checksum = "83450fe6a6142ddd95fb064b746083fc4ef1705fe81f64a64e1d4b39f54a1055"
 dependencies = [
 "bitflags",
 "cc",
- "cfg-if",
+ "cfg-if 0.1.10",
+ "libc",
+]
+
+[[package]]
+name = "nix"
+version = "0.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85db2feff6bf70ebc3a4793191517d5f0331100a2f10f9bf93b5e5214f32b7b7"
+dependencies = [
+ "bitflags",
+ "cc",
+ "cfg-if 0.1.10",
 "libc",
 ]

 [[package]]
 name = "num-integer"
-version = "0.1.42"
+version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f6ea62e9d81a77cd3ee9a2a5b9b609447857f3d358704331e4ef39eb247fcba"
+checksum = "8d59457e662d541ba17869cf51cf177c0b5f0cbf476c66bdc90bf1edac4f875b"
 dependencies = [
 "autocfg",
 "num-traits",
@@ -417,13 +557,19 @@ dependencies = [

 [[package]]
 name = "num-traits"
-version = "0.2.11"
+version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c62be47e61d1842b9170f0fdeec8eba98e60e90e5446449a0545e5152acd7096"
+checksum = "ac267bcc07f48ee5f8935ab0d24f316fb722d7a1292e2913f0cc196b29ffd611"
 dependencies = [
 "autocfg",
 ]

+[[package]]
+name = "object"
+version = "0.21.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "37fd5004feb2ce328a52b0b3d01dbf4ffff72583493900ed15f22d4111c51693"
+
 [[package]]
 name = "oci"
 version = "0.1.0"
@@ -450,7 +596,7 @@ version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d58c7c768d4ba344e3e8d72518ac13e259d7c7ade24167003b8488e10b6740a3"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 "cloudabi",
 "libc",
 "redox_syscall",
@@ -478,10 +624,19 @@ dependencies = [
 ]

 [[package]]
-name = "ppv-lite86"
-version = "0.2.8"
+name = "petgraph"
+version = "0.4.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "237a5ed80e274dbc66f86bd59c1e25edc039660be53194b5fe0a482e0f2612ea"
+checksum = "9c3659d1ee90221741f65dd128d9998311b0e40c5d3c23a62445938214abce4f"
+dependencies = [
+ "fixedbitset",
+]
+
+[[package]]
+name = "ppv-lite86"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c36fa947111f5c62a733b652544dd0016a43ce89619538a8ef92724a6f501a20"

 [[package]]
 name = "prctl"
@@ -490,16 +645,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52"
 dependencies = [
 "libc",
- "nix 0.18.0",
+ "nix 0.19.0",
 ]

 [[package]]
 name = "proc-macro2"
-version = "1.0.17"
+version = "0.4.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1502d12e458c49a4c9cbff560d0fe0060c252bc29799ed94ca2ed4bb665a0101"
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
 dependencies = [
- "unicode-xid",
+ "unicode-xid 0.1.0",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
+dependencies = [
+ "unicode-xid 0.2.1",
 ]

 [[package]]
@@ -523,7 +687,7 @@ version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dd0ced56dee39a6e960c15c74dc48849d614586db2eaada6497477af7c7811cd"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 "fnv",
 "lazy_static",
 "libc",
@@ -533,6 +697,58 @@ dependencies = [
 "thiserror",
 ]

+[[package]]
+name = "prost"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96d14b1c185652833d24aaad41c5832b0be5616a590227c1fbff57c616754b23"
+dependencies = [
+ "byteorder",
+ "bytes",
+ "prost-derive",
+]
+
+[[package]]
+name = "prost-build"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eb788126ea840817128183f8f603dce02cb7aea25c2a0b764359d8e20010702e"
+dependencies = [
+ "bytes",
+ "heck",
+ "itertools",
+ "log",
+ "multimap",
+ "petgraph",
+ "prost",
+ "prost-types",
+ "tempfile",
+ "which",
+]
+
+[[package]]
+name = "prost-derive"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e7dc378b94ac374644181a2247cebf59a6ec1c88b49ac77f3a94b86b79d0e11"
+dependencies = [
+ "failure",
+ "itertools",
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "syn 0.15.44",
+]
+
+[[package]]
+name = "prost-types"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1de482a366941c8d56d19b650fac09ca08508f2a696119ee7513ad590c8bac6f"
+dependencies = [
+ "bytes",
+ "prost",
+]
+
 [[package]]
 name = "protobuf"
 version = "2.14.0"
@@ -565,15 +781,25 @@ dependencies = [
 "futures",
 "protobuf",
 "ttrpc",
+ "ttrpc-codegen",
 ]

 [[package]]
 name = "quote"
-version = "1.0.6"
+version = "0.6.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "54a21852a652ad6f610c9510194f398ff6f8692e334fd1145fed931f7fbe44ea"
+checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
 dependencies = [
- "proc-macro2",
+ "proc-macro2 0.4.30",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
+dependencies = [
+ "proc-macro2 1.0.24",
 ]

 [[package]]
@@ -619,15 +845,15 @@ dependencies = [

 [[package]]
 name = "redox_syscall"
-version = "0.1.56"
+version = "0.1.57"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2439c63f3f6139d1b57529d16bc3b8bb855230c8efcc5d3a896c8bea7c3b1e84"
+checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce"

 [[package]]
 name = "redox_users"
-version = "0.3.4"
+version = "0.3.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09b23093265f8d200fa7b4c2c76297f47e681c655f6f1285a8780d6a022f7431"
+checksum = "de0737333e7a9502c789a36d7c7fa6092a49895d4faa31ca5df163857ded2e9d"
 dependencies = [
 "getrandom",
 "redox_syscall",
@@ -636,9 +862,9 @@ dependencies = [

 [[package]]
 name = "regex"
-version = "1.3.7"
+version = "1.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6020f034922e3194c711b82a627453881bc4682166cabb07134a10c26ba7692"
+checksum = "8963b85b8ce3074fecffde43b4b0dded83ce2f367dc8d363afc56679f3ee820b"
 dependencies = [
 "aho-corasick",
 "memchr",
@@ -648,15 +874,15 @@ dependencies = [

 [[package]]
 name = "regex-syntax"
-version = "0.6.17"
+version = "0.6.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fe5bd57d1d7414c6b5ed48563a2c855d995ff777729dcd91c369ec7fea395ae"
+checksum = "8cab7a364d15cde1e505267766a2d3c4e22a843e1a601f0fa7564c0f82ced11c"

 [[package]]
 name = "remove_dir_all"
-version = "0.5.2"
+version = "0.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a83fa3702a688b9359eccba92d153ac33fd2e8462f9e0e3fdf155239ea7792e"
+checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
 dependencies = [
 "winapi",
 ]
@@ -669,9 +895,9 @@ checksum = "cabe4fa914dec5870285fa7f71f602645da47c486e68486d2b4ceb4a343e90ac"

 [[package]]
 name = "rust-argon2"
-version = "0.7.0"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2bc8af4bda8e1ff4932523b94d3dd20ee30a87232323eda55903ffd71d2fb017"
+checksum = "9dab61250775933275e84053ac235621dfb739556d5c54a2f2e9313b7cf43a19"
 dependencies = [
 "base64",
 "blake2b_simd",
@@ -679,6 +905,12 @@ dependencies = [
 "crossbeam-utils",
 ]

+[[package]]
+name = "rustc-demangle"
+version = "0.1.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e3bad0ee36814ca07d7968269dd4b7ec89ec2da10c4bb613928d3077083c232"
+
 [[package]]
 name = "rustjail"
 version = "0.1.0"
@@ -709,9 +941,9 @@ dependencies = [

 [[package]]
 name = "ryu"
-version = "1.0.4"
+version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed3d612bc64430efeb3f7ee6ef26d590dce0c43249217bddc62112540c7941e1"
+checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"

 [[package]]
 name = "scan_fmt"
@@ -730,26 +962,26 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"

 [[package]]
 name = "serde"
-version = "1.0.110"
+version = "1.0.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99e7b308464d16b56eba9964e4972a3eee817760ab60d88c3f86e1fecb08204c"
+checksum = "b88fa983de7720629c9387e9f517353ed404164b1e482c970a90c1a4aaf7dc1a"

 [[package]]
 name = "serde_derive"
-version = "1.0.110"
+version = "1.0.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "818fbf6bfa9a42d3bfcaca148547aa00c7b915bec71d1757aa2d44ca68771984"
+checksum = "cbd1ae72adb44aab48f325a02444a5fc079349a8d804c1fc922aed3f7454c74e"
 dependencies = [
- "proc-macro2",
- "quote",
- "syn",
+ "proc-macro2 1.0.24",
+ "quote 1.0.7",
+ "syn 1.0.45",
 ]

 [[package]]
 name = "serde_json"
-version = "1.0.53"
+version = "1.0.59"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "993948e75b189211a9b31a7528f950c6adc21f9720b6438ff80a7fa2f864cea2"
+checksum = "dcac07dbffa1c65e7f816ab9eba78eb142c6d44410f4eeba1e26e4f5dfa56b95"
 dependencies = [
 "itoa",
 "ryu",
@@ -773,16 +1005,16 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "65f59259be9fc1bf677d06cc1456e97756004a1a5a577480f71430bd7c17ba33"
 dependencies = [
- "proc-macro2",
- "quote",
- "syn",
+ "proc-macro2 1.0.24",
+ "quote 1.0.7",
+ "syn 1.0.45",
 ]

 [[package]]
 name = "signal-hook"
-version = "0.1.15"
+version = "0.1.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ff2db2112d6c761e12522c65f7768548bd6e8cd23d2a9dae162520626629bd6"
+checksum = "604508c1418b99dfe1925ca9224829bb2a8a9a04dda655cc01fcad46f4ab05ed"
 dependencies = [
 "libc",
 "signal-hook-registry",
@@ -790,9 +1022,9 @@ dependencies = [

 [[package]]
 name = "signal-hook-registry"
-version = "1.2.0"
+version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94f478ede9f64724c5d173d7bb56099ec3e2d9fc2774aac65d34b8b890405f41"
+checksum = "a3e12110bc539e657a646068aaf5eb5b63af9d0c1f7b29c97113fad80e15f035"
 dependencies = [
 "arc-swap",
 "libc",
@@ -859,13 +1091,24 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"

 [[package]]
 name = "syn"
-version = "1.0.25"
+version = "0.15.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f14a640819f79b72a710c0be059dce779f9339ae046c8bef12c361d56702146f"
+checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
 dependencies = [
- "proc-macro2",
- "quote",
- "unicode-xid",
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "unicode-xid 0.1.0",
+]
+
+[[package]]
+name = "syn"
+version = "1.0.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ea9c5432ff16d6152371f808fb5a871cd67368171b09bb21b43df8e4a47a3556"
+dependencies = [
+ "proc-macro2 1.0.24",
+ "quote 1.0.7",
+ "unicode-xid 0.2.1",
 ]

 [[package]]
@@ -880,7 +1123,7 @@ version = "3.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 "libc",
 "rand",
 "redox_syscall",
@@ -890,22 +1133,22 @@ dependencies = [

 [[package]]
 name = "thiserror"
-version = "1.0.19"
+version = "1.0.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b13f926965ad00595dd129fa12823b04bbf866e9085ab0a5f2b05b850fbfc344"
+checksum = "318234ffa22e0920fe9a40d7b8369b5f649d490980cf7aadcf1eb91594869b42"
 dependencies = [
 "thiserror-impl",
 ]

 [[package]]
 name = "thiserror-impl"
-version = "1.0.19"
+version = "1.0.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "893582086c2f98cde18f906265a65b5030a074b1046c674ae898be6519a7f479"
+checksum = "cae2447b6282786c3493999f40a9be2a6ad20cb8bd268b0a0dbf5a065535c0ab"
 dependencies = [
- "proc-macro2",
- "quote",
- "syn",
+ "proc-macro2 1.0.24",
+ "quote 1.0.7",
+ "syn 1.0.45",
 ]

 [[package]]
@@ -919,18 +1162,20 @@ dependencies = [

 [[package]]
 name = "time"
-version = "0.1.43"
+version = "0.1.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438"
+checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255"
 dependencies = [
 "libc",
+ "wasi 0.10.0+wasi-snapshot-preview1",
 "winapi",
 ]

 [[package]]
 name = "ttrpc"
 version = "0.3.0"
-source = "git+https://github.com/containerd/ttrpc-rust.git?branch=0.3.0#ba1efe3bbb8f8af4895b7623ed1d11561e70e566"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa9da24c351f0feef5e66c0b28c18373a7ef3e1bfdfd5852170de494f9bf870"
 dependencies = [
 "byteorder",
 "libc",
@@ -941,10 +1186,49 @@ dependencies = [
 ]

 [[package]]
-name = "unicode-xid"
-version = "0.2.0"
+name = "ttrpc-codegen"
+version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c"
+checksum = "12e8844d7a8351fa833bea811f826401bec020b233e60a7c0a8f313f764ce5a5"
+dependencies = [
+ "protobuf",
+ "protobuf-codegen",
+ "protobuf-codegen-pure",
+ "ttrpc-compiler",
+]
+
+[[package]]
+name = "ttrpc-compiler"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d290e64bdb994926d102f2983cc6550ece0778c8430253dc2de4e71cbf5285d9"
+dependencies = [
+ "derive-new",
+ "prost",
+ "prost-build",
+ "prost-types",
+ "protobuf",
+ "protobuf-codegen",
+ "tempfile",
+]
+
+[[package]]
+name = "unicode-segmentation"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e83e153d1053cbb5a118eeff7fd5be06ed99153f00dbcd8ae310c5fb2b22edc0"
+
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
+[[package]]
+name = "unicode-xid"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"

 [[package]]
 name = "version_check"
@@ -965,10 +1249,26 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"

 [[package]]
-name = "winapi"
-version = "0.3.8"
+name = "wasi"
+version = "0.10.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8093091eeb260906a183e6ae1abdba2ef5ef2257a21801128899c3fc699229c6"
+checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
+
+[[package]]
+name = "which"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b57acb10231b9493c8472b20cb57317d0679a49e0bdbee44b3b803a6473af164"
+dependencies = [
+ "failure",
+ "libc",
+]
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
 dependencies = [
 "winapi-i686-pc-windows-gnu",
 "winapi-x86_64-pc-windows-gnu",
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@@ -11,7 +11,7 @@ rustjail = { path = "rustjail" }
 protocols = { path = "protocols" }
 netlink = { path = "netlink", features = ["with-log", "with-agent-handler"] }
 lazy_static = "1.3.0"
-ttrpc = { git = "https://github.com/containerd/ttrpc-rust.git", branch="0.3.0" }
+ttrpc = "0.3.0"
 protobuf = "=2.14.0"
 libc = "0.2.58"
 nix = "0.17.0"
--- a/src/agent/Makefile
+++ b/src/agent/Makefile
@@ -3,6 +3,11 @@
 # SPDX-License-Identifier: Apache-2.0
 #

+# To show variables or targets help on `make help`
+# Use the following format:
+# '##VAR VARIABLE_NAME: help about variable'
+# '##TARGET TARGET_NAME: help about target'
+
 PROJECT_NAME = Kata Containers
 PROJECT_URL = https://github.com/kata-containers
 PROJECT_COMPONENT = kata-agent
@@ -23,14 +28,12 @@ COMMIT_MSG = $(if $(COMMIT),$(COMMIT),unknown)
 # Exported to allow cargo to see it
 export VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION))

+##VAR BUILD_TYPE=release|debug type of rust build
 BUILD_TYPE = release

-# set proto file to generate
-ifdef proto
-  PROTO_FILE=${proto}
-endif
-
+##VAR ARCH=arch target to build (format: uname -m)
 ARCH = $(shell uname -m)
+##VAR LIBC=musl|gnu
 LIBC ?= musl
 ifneq ($(LIBC),musl)
    ifeq ($(LIBC),gnu)
@@ -46,6 +49,11 @@ ifeq ($(ARCH), ppc64le)
    $(warning "WARNING: powerpc64le-unknown-linux-musl target is unavailable")
 endif

+ifeq ($(ARCH), s390x)
+    override LIBC = gnu
+    $(warning "WARNING: s390x-unknown-linux-musl target is unavailable")
+endif
+

 EXTRA_RUSTFLAGS :=
 ifeq ($(ARCH), aarch64)
@@ -57,10 +65,12 @@ TRIPLE = $(ARCH)-unknown-linux-$(LIBC)

 TARGET_PATH = target/$(TRIPLE)/$(BUILD_TYPE)/$(TARGET)

+##VAR DESTDIR=<path> is a directory prepended to each installed target file
 DESTDIR :=
+##VAR BINDIR=<path> is a directory for installing executable programs
 BINDIR := /usr/bin

-# Define if agent will be installed as init
+##VAR INIT=yes|no define if agent will be installed as init
 INIT := no

 # Path to systemd unit directory if installed as not init.
@@ -108,6 +118,7 @@ define INSTALL_FILE
 	install -D -m 644 $1 $(DESTDIR)$2/$1 || exit 1;
 endef

+##TARGET default: build code
 default: $(TARGET) show-header

 $(TARGET): $(GENERATED_CODE) $(TARGET_PATH)
@@ -115,36 +126,54 @@ $(TARGET): $(GENERATED_CODE) $(TARGET_PATH)
 $(TARGET_PATH): $(SOURCES) | show-summary
 	@RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE)

-optimize: $(SOURCES) | show-summary show-header
-	@RUSTFLAGS="-C link-arg=-s $(EXTRA_RUSTFLAGS) --deny-warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE)
-
-show-header:
-	@printf "%s - version %s (commit %s)\n\n" "$(TARGET)" "$(VERSION)" "$(COMMIT_MSG)"
-
 $(GENERATED_FILES): %: %.in
 	@sed $(foreach r,$(GENERATED_REPLACEMENTS),-e 's|@$r@|$($r)|g') "$<" > "$@"

-install: build-service
+##TARGET optimize: optimized  build
+optimize: $(SOURCES) | show-summary show-header
+	@RUSTFLAGS="-C link-arg=-s $(EXTRA_RUSTFLAGS) --deny-warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE)
+
+##TARGET clippy: run clippy linter
+clippy: $(GENERATED_CODE)
+	cargo clippy --all-targets --all-features --release \
+		-- \
+		-Aclippy::redundant_allocation \
+		-D warnings
+
+format:
+	cargo fmt -- --check
+
+
+##TARGET install: install agent
+install: install-services
 	@install -D $(TARGET_PATH) $(DESTDIR)/$(BINDIR)/$(TARGET)

+##TARGET clean: clean build
 clean:
 	@cargo clean
 	@rm -f $(GENERATED_FILES)
+	@rm -f tarpaulin-report.html

+#TARGET test: run cargo tests
 test:
 	@cargo test --all --target $(TRIPLE)

-check: test
+##TARGET check: run test
+check: clippy format

+##TARGET run: build and run agent
 run:
 	@cargo run --target $(TRIPLE)

-build-service: $(GENERATED_FILES)
+install-services: $(GENERATED_FILES)
 ifeq ($(INIT),no)
 	@echo "Installing systemd unit files..."
 	$(foreach f,$(UNIT_FILES),$(call INSTALL_FILE,$f,$(UNIT_DIR)))
 endif

+show-header:
+	@printf "%s - version %s (commit %s)\n\n" "$(TARGET)" "$(VERSION)" "$(COMMIT_MSG)"
+
 show-summary: show-header
 	@printf "project:\n"
 	@printf "  name: $(PROJECT_NAME)\n"
@@ -160,7 +189,35 @@ show-summary: show-header
 	@printf "  %s\n" "$(call get_toolchain_version)"
 	@printf "\n"

-help: show-summary
+## help: Show help comments that start with `##VAR` and `##TARGET`
+help: Makefile show-summary
+	@echo "==========================Help============================="
+	@echo "Variables:"
+	@sed -n 's/^##VAR//p' $< | sort
+	@echo ""
+	@echo "Targets:"
+	@sed -n 's/^##TARGET//p' $< | sort
+
+TARPAULIN_ARGS:=-v --workspace
+install-tarpaulin:
+	cargo install cargo-tarpaulin
+
+# Check if cargo tarpaulin is installed
+HAS_TARPAULIN:= $(shell cargo --list | grep tarpaulin 2>/dev/null)
+check_tarpaulin:
+ifndef  HAS_TARPAULIN
+	$(error "tarpaulin is not available please: run make install-tarpaulin ")
+else
+	$(info OK: tarpaulin installed)
+endif
+
+##TARGET codecov: Generate code coverage report
+codecov: check_tarpaulin
+	cargo tarpaulin $(TARPAULIN_ARGS)
+
+##TARGET codecov-html: Generate code coverage html report
+codecov-html: check_tarpaulin
+	cargo tarpaulin $(TARPAULIN_ARGS) -o Html

 .PHONY: \
 	help \
@@ -168,5 +225,6 @@ help: show-summary
 	show-summary \
 	optimize

+##TARGET generate-protocols: generate/update grpc agent protocols
 generate-protocols:
-	protocols/hack/update-generated-proto.sh "${PROTO_FILE}"
+	protocols/hack/update-generated-proto.sh all
--- a/src/agent/oci/src/lib.rs
+++ b/src/agent/oci/src/lib.rs
@@ -142,7 +142,7 @@ pub struct User {
    pub gid: u32,
    #[serde(
        default,
-        rename = "addtionalGids",
+        rename = "additionalGids",
        skip_serializing_if = "Vec::is_empty"
    )]
    pub additional_gids: Vec<u32>,
@@ -302,6 +302,7 @@ pub struct LinuxBlockIODevice {

 #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
 pub struct LinuxWeightDevice {
+    #[serde(flatten)]
    pub blk: LinuxBlockIODevice,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub weight: Option<u16>,
@@ -315,6 +316,7 @@ pub struct LinuxWeightDevice {

 #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
 pub struct LinuxThrottleDevice {
+    #[serde(flatten)]
    pub blk: LinuxBlockIODevice,
    #[serde(default)]
    pub rate: u64,
@@ -375,7 +377,7 @@ pub struct LinuxMemory {
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "kernelTCP")]
    pub kernel_tcp: Option<i64>,
    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub swapiness: Option<i64>,
+    pub swappiness: Option<i64>,
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
@@ -782,7 +784,17 @@ pub struct LinuxIntelRdt {
    pub l3_cache_schema: String,
 }

-#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
+#[derive(Debug, Serialize, Deserialize, Copy, Clone, PartialEq)]
+#[serde(rename_all = "lowercase")]
+pub enum ContainerState {
+    CREATING,
+    CREATED,
+    RUNNING,
+    STOPPED,
+    PAUSED,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
 pub struct State {
    #[serde(
        default,
@@ -792,8 +804,7 @@ pub struct State {
    pub version: String,
    #[serde(default, skip_serializing_if = "String::is_empty")]
    pub id: String,
-    #[serde(default, skip_serializing_if = "String::is_empty")]
-    pub status: String,
+    pub status: ContainerState,
    #[serde(default)]
    pub pid: i32,
    #[serde(default, skip_serializing_if = "String::is_empty")]
@@ -804,6 +815,8 @@ pub struct State {

 #[cfg(test)]
 mod tests {
+    use super::*;
+
    #[test]
    fn test_deserialize_state() {
        let data = r#"{
@@ -816,10 +829,10 @@ mod tests {
                "myKey": "myValue"
            }
        }"#;
-        let expected = crate::State {
+        let expected = State {
            version: "0.2.0".to_string(),
            id: "oci-container1".to_string(),
-            status: "running".to_string(),
+            status: ContainerState::RUNNING,
            pid: 4422,
            bundle: "/containers/redis".to_string(),
            annotations: [("myKey".to_string(), "myValue".to_string())]
@@ -833,7 +846,7 @@ mod tests {
    }

    #[test]
-    fn test_deserialize_sepc() {
+    fn test_deserialize_spec() {
        let data = r#"{
            "ociVersion": "1.0.1",
            "process": {
@@ -1118,36 +1131,28 @@ mod tests {
                        "leafWeight": 10,
                        "weightDevice": [
                            {
-                                "blk": {
-                                    "major": 8,
-                                    "minor": 0
-                                },
+                                "major": 8,
+                                "minor": 0,
                                "weight": 500,
                                "leafWeight": 300
                            },
                            {
-                                "blk":{
-                                    "major": 8,
-                                    "minor": 16
-                                },
+                                "major": 8,
+                                "minor": 16,
                                "weight": 500
                            }
                        ],
                        "throttleReadBpsDevice": [
                            {
-                                "blk":{
-                                    "major": 8,
-                                    "minor": 0
-                                },
+                                "major": 8,
+                                "minor": 0,
                                "rate": 600
                            }
                        ],
                        "throttleWriteIOPSDevice": [
                            {
-                                "blk":{
-                                    "major": 8,
-                                    "minor": 16
-                                },
+                                "major": 8,
+                                "minor": 16,
                                "rate": 300
                            }
                        ]
@@ -1223,8 +1228,7 @@ mod tests {
                    uid: 1,
                    gid: 1,
                    // incompatible with oci
-                    // additional_gids: vec![5, 6],
-                    additional_gids: vec![],
+                    additional_gids: vec![5, 6],
                    username: "".to_string(),
                },
                args: vec!["sh".to_string()],
@@ -1437,8 +1441,7 @@ mod tests {
                        swap: Some(536870912),
                        kernel: Some(-1),
                        kernel_tcp: Some(-1),
-                        // incompatible with oci
-                        swapiness: None,
+                        swappiness: Some(0),
                        disable_oom_killer: Some(false),
                    }),
                    cpu: Some(crate::LinuxCPU {
@@ -1591,25 +1594,6 @@ mod tests {
            vm: None,
        };

-        // warning : incompatible with oci : https://github.com/opencontainers/runtime-spec/blob/master/config.md
-        // 1. User use addtionalGids while oci use additionalGids
-        // 2. LinuxMemory use swapiness while oci use swappiness
-        // 3. LinuxWeightDevice with blk
-        //    {
-        //        "blk": {
-        //            "major": 8,
-        //            "minor": 0
-        //        },
-        //        "weight": 500,
-        //        "leafWeight": 300
-        //    }
-        //    oci without blk
-        //    {
-        //        "major": 8,
-        //        "minor": 0,
-        //        "weight": 500,
-        //        "leafWeight": 300
-        //    }
        let current: crate::Spec = serde_json::from_str(data).unwrap();
        assert_eq!(expected, current);
    }
--- a/src/agent/oci/src/serialize.rs
+++ b/src/agent/oci/src/serialize.rs
@@ -4,7 +4,6 @@
 //

 use serde::{Deserialize, Serialize};
-use serde_json;

 use std::error;
 use std::fmt::{Display, Formatter, Result as FmtResult};
--- a/src/agent/protocols/Cargo.toml
+++ b/src/agent/protocols/Cargo.toml
@@ -5,6 +5,9 @@ authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
 edition = "2018"

 [dependencies]
-ttrpc = { git = "https://github.com/containerd/ttrpc-rust.git", branch="0.3.0" }
+ttrpc = "0.3.0"
 protobuf = "=2.14.0"
 futures = "0.1.27"
+
+[build-dependencies]
+ttrpc-codegen = "0.1.2"
--- a/src/agent/protocols/build.rs
+++ b/src/agent/protocols/build.rs
@@ -0,0 +1,54 @@
+// Copyright (c) 2020 Ant Group
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+use std::fs::File;
+use std::io::{Read, Write};
+
+fn main() {
+    let protos = vec![
+        "protos/types.proto",
+        "protos/agent.proto",
+        "protos/health.proto",
+        "protos/google/protobuf/empty.proto",
+        "protos/oci.proto",
+    ];
+
+    // Tell Cargo that if the .proto files changed, to rerun this build script.
+    protos
+        .iter()
+        .for_each(|p| println!("cargo:rerun-if-changed={}", &p));
+
+    ttrpc_codegen::Codegen::new()
+        .out_dir("src")
+        .inputs(&protos)
+        .include("protos")
+        .rust_protobuf()
+        .run()
+        .expect("Gen codes failed.");
+
+    // There is a message named 'Box' in oci.proto
+    // so there is a struct named 'Box', we should replace Box<Self> to ::std::boxed::Box<Self>
+    // to avoid the conflict.
+    replace_text_in_file(
+        "src/oci.rs",
+        "self: Box<Self>",
+        "self: ::std::boxed::Box<Self>",
+    )
+    .unwrap();
+}
+
+fn replace_text_in_file(file_name: &str, from: &str, to: &str) -> Result<(), std::io::Error> {
+    let mut src = File::open(file_name)?;
+    let mut contents = String::new();
+    src.read_to_string(&mut contents).unwrap();
+    drop(src);
+
+    let new_contents = contents.replace(from, to);
+
+    let mut dst = File::create(&file_name)?;
+    dst.write_all(new_contents.as_bytes())?;
+
+    Ok(())
+}
--- a/src/agent/protocols/hack/update-generated-proto.sh
+++ b/src/agent/protocols/hack/update-generated-proto.sh
@@ -1,7 +1,7 @@
 #!/bin/bash

 # //
-# // Copyright 2020 Ant Financial
+# // Copyright (c) 2020 Ant Group
 # //
 # // SPDX-License-Identifier: Apache-2.0
 # //
@@ -51,7 +51,7 @@ generate_go_sources() {
 --gogottrpc_out=plugins=ttrpc+fieldpath,\
 import_path=github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc,\
 \
-Mgithub.com/kata-containers/kata-containers/src/agent/protocols/protos/github.com/kata-containers/agent/pkg/types/types.proto=github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols,\
+Mgithub.com/kata-containers/kata-containers/src/agent/protocols/protos/types.proto=github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols,\
 \
 Mgithub.com/kata-containers/kata-containers/src/agent/protocols/protos/oci.proto=github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc,\
 \
@@ -64,31 +64,12 @@ $GOPATH/src/github.com/kata-containers/kata-containers/src/agent/protocols/proto
    [ $? -eq 0 ] || die "Failed to generate golang file from $1"
 }

-generate_rust_sources() {
-    local cmd="protoc --rust_out=./protocols/src/ \
--ttrpc_out=./protocols/src/,plugins=ttrpc:./protocols/src/ \
--plugin=protoc-gen-ttrpc=`which ttrpc_rust_plugin` \
-I $GOPATH/src/github.com/kata-containers/agent/vendor/github.com/gogo/protobuf:$GOPATH/src/github.com/kata-containers/agent/vendor:$GOPATH/src/github.com/gogo/protobuf:$GOPATH/src/github.com/gogo/googleapis:$GOPATH/src:$GOPATH/src/github.com/kata-containers/kata-containers/src/agent/protocols/protos \
-$GOPATH/src/github.com/kata-containers/kata-containers/src/agent/protocols/protos/$1"
-
-    echo $cmd
-    $cmd
-    [ $? -eq 0 ] || die "Failed to generate rust file from $1"
-
-    if [ "$1" = "oci.proto" ]; then
-        # Need change Box<Self> to ::std::boxed::Box<Self> because there is another struct Box
-        sed 's/fn into_any(self: Box<Self>) -> ::std::boxed::Box<::std::any::Any> {/fn into_any(self: ::std::boxed::Box<Self>) -> ::std::boxed::Box<::std::any::Any> {/g' ./protocols/src/oci.rs > ./protocols/src/new_oci.rs
-        sed 's/fn into_any(self: Box<Self>) -> ::std::boxed::Box<dyn (::std::any::Any)> {/fn into_any(self: ::std::boxed::Box<Self>) -> ::std::boxed::Box<dyn (::std::any::Any)> {/g' ./protocols/src/oci.rs > ./protocols/src/new_oci.rs
-        mv ./protocols/src/new_oci.rs ./protocols/src/oci.rs
-    fi;
-}
-
 if [ "$(basename $(pwd))" != "agent" ]; then
 	die "Please go to directory of protocols before execute this shell"
 fi

 # Protocol buffer files required to generate golang/rust bindings.
-proto_files_list=(agent.proto health.proto oci.proto github.com/kata-containers/agent/pkg/types/types.proto)
+proto_files_list=(agent.proto health.proto oci.proto types.proto)

 if [ "$1" = "" ]; then
    show_usage "${proto_files_list[@]}"
@@ -118,10 +99,6 @@ if [ "$target" = "all" ]; then
        echo -e "\n   [golang] compiling ${f} ..."
        generate_go_sources $f
        echo -e "   [golang] ${f} compiled\n"
-
-        echo -e "\n   [rust] compiling ${f} ..."
-        generate_rust_sources $f
-        echo -e "   [rust] ${f} compiled\n"
    done
 else
    # compile individual proto file
@@ -130,10 +107,6 @@ else
            echo -e "\n   [golang] compiling ${target} ..."
            generate_go_sources $target
            echo -e "   [golang] ${target} compiled\n"
-
-            echo -e "\n   [rust] compiling ${target} ..."
-            generate_rust_sources $target
-            echo -e "   [rust] ${target} compiled\n"
        fi
    done
 fi;
--- a/src/agent/protocols/protos/agent.proto
+++ b/src/agent/protocols/protos/agent.proto
@@ -1,6 +1,6 @@
 //
 // Copyright 2017 HyperHQ Inc.
-// Copyright 2019 Ant Financial
+// Copyright (c) 2019-2020 Ant Group
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -11,8 +11,8 @@ option go_package = "github.com/kata-containers/kata-containers/src/runtime/virt

 package grpc;

-import "github.com/kata-containers/kata-containers/src/agent/protocols/protos/oci.proto";
-import "github.com/kata-containers/kata-containers/src/agent/protocols/protos/github.com/kata-containers/agent/pkg/types/types.proto";
+import "oci.proto";
+import "types.proto";

 import "google/protobuf/empty.proto";

--- a/src/agent/protocols/protos/github.com/gogo/protobuf/gogoproto/gogo.proto
+++ b/src/agent/protocols/protos/github.com/gogo/protobuf/gogoproto/gogo.proto
--- a/src/agent/protocols/protos/health.proto
+++ b/src/agent/protocols/protos/health.proto
@@ -1,6 +1,6 @@
 //
-// Copyright 2017 HyperHQ Inc.
-// Copyright (c) 2019 Ant Financial
+// Copyright (c) 2017 HyperHQ Inc.
+// Copyright (c) 2019-2020 Ant Group
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -11,7 +11,7 @@ option go_package = "github.com/kata-containers/kata-containers/src/runtime/virt

 package grpc;

-import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+import "gogo/protobuf/gogoproto/gogo.proto";

 option (gogoproto.equal_all) = true;
 option (gogoproto.populate_all) = true;
--- a/src/agent/protocols/protos/oci.proto
+++ b/src/agent/protocols/protos/oci.proto
@@ -1,6 +1,6 @@
 //
 // Copyright (c) 2017 Intel Corporation
-// Copyright (c) 2019 Ant Financial
+// Copyright (c) 2019-2020 Ant Group
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -11,7 +11,7 @@ option go_package = "github.com/kata-containers/kata-containers/src/runtime/virt

 package grpc;

-import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+import "gogo/protobuf/gogoproto/gogo.proto";
 import "google/protobuf/wrappers.proto";

 option (gogoproto.equal_all) = true;
--- a/src/agent/protocols/protos/github.com/kata-containers/agent/pkg/types/types.proto
+++ b/src/agent/protocols/protos/github.com/kata-containers/agent/pkg/types/types.proto
@@ -1,6 +1,6 @@
 //
 // Copyright 2018 Intel Corporation.
-// Copyright (c) 2019 Ant Financial
+// Copyright (c) 2019-2020 Ant Group
 //
 // SPDX-License-Identifier: Apache-2.0
 //
--- a/src/agent/protocols/src/agent.rs
+++ b/src/agent/protocols/src/agent.rs
--- a/src/agent/protocols/src/agent_ttrpc.rs
+++ b/src/agent/protocols/src/agent_ttrpc.rs
@@ -1,808 +0,0 @@
-// Copyright (c) 2020 Ant Financial
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-// This file is generated by ttrpc-compiler 0.3.0. Do not edit
-// @generated
-
-// https://github.com/Manishearth/rust-clippy/issues/702
-#![allow(unknown_lints)]
-#![allow(clipto_camel_casepy)]
-
-#![cfg_attr(rustfmt, rustfmt_skip)]
-
-#![allow(box_pointers)]
-#![allow(dead_code)]
-#![allow(missing_docs)]
-#![allow(non_camel_case_types)]
-#![allow(non_snake_case)]
-#![allow(non_upper_case_globals)]
-#![allow(trivial_casts)]
-#![allow(unsafe_code)]
-#![allow(unused_imports)]
-#![allow(unused_results)]
-use protobuf::{CodedInputStream, CodedOutputStream, Message};
-use std::collections::HashMap;
-use std::sync::Arc;
-
-#[derive(Clone)]
-pub struct AgentServiceClient {
-    client: ::ttrpc::Client,
-}
-
-impl AgentServiceClient {
-    pub fn new(client: ::ttrpc::Client) -> Self {
-        AgentServiceClient {
-            client: client,
-        }
-    }
-
-    pub fn create_container(&self, req: &super::agent::CreateContainerRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "CreateContainer", cres);
-        Ok(cres)
-    }
-
-    pub fn start_container(&self, req: &super::agent::StartContainerRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "StartContainer", cres);
-        Ok(cres)
-    }
-
-    pub fn remove_container(&self, req: &super::agent::RemoveContainerRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "RemoveContainer", cres);
-        Ok(cres)
-    }
-
-    pub fn exec_process(&self, req: &super::agent::ExecProcessRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ExecProcess", cres);
-        Ok(cres)
-    }
-
-    pub fn signal_process(&self, req: &super::agent::SignalProcessRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "SignalProcess", cres);
-        Ok(cres)
-    }
-
-    pub fn wait_process(&self, req: &super::agent::WaitProcessRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::WaitProcessResponse> {
-        let mut cres = super::agent::WaitProcessResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "WaitProcess", cres);
-        Ok(cres)
-    }
-
-    pub fn list_processes(&self, req: &super::agent::ListProcessesRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::ListProcessesResponse> {
-        let mut cres = super::agent::ListProcessesResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ListProcesses", cres);
-        Ok(cres)
-    }
-
-    pub fn update_container(&self, req: &super::agent::UpdateContainerRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "UpdateContainer", cres);
-        Ok(cres)
-    }
-
-    pub fn stats_container(&self, req: &super::agent::StatsContainerRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::StatsContainerResponse> {
-        let mut cres = super::agent::StatsContainerResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "StatsContainer", cres);
-        Ok(cres)
-    }
-
-    pub fn pause_container(&self, req: &super::agent::PauseContainerRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "PauseContainer", cres);
-        Ok(cres)
-    }
-
-    pub fn resume_container(&self, req: &super::agent::ResumeContainerRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ResumeContainer", cres);
-        Ok(cres)
-    }
-
-    pub fn write_stdin(&self, req: &super::agent::WriteStreamRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::WriteStreamResponse> {
-        let mut cres = super::agent::WriteStreamResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "WriteStdin", cres);
-        Ok(cres)
-    }
-
-    pub fn read_stdout(&self, req: &super::agent::ReadStreamRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::ReadStreamResponse> {
-        let mut cres = super::agent::ReadStreamResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ReadStdout", cres);
-        Ok(cres)
-    }
-
-    pub fn read_stderr(&self, req: &super::agent::ReadStreamRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::ReadStreamResponse> {
-        let mut cres = super::agent::ReadStreamResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ReadStderr", cres);
-        Ok(cres)
-    }
-
-    pub fn close_stdin(&self, req: &super::agent::CloseStdinRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "CloseStdin", cres);
-        Ok(cres)
-    }
-
-    pub fn tty_win_resize(&self, req: &super::agent::TtyWinResizeRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "TtyWinResize", cres);
-        Ok(cres)
-    }
-
-    pub fn update_interface(&self, req: &super::agent::UpdateInterfaceRequest, timeout_nano: i64) -> ::ttrpc::Result<super::types::Interface> {
-        let mut cres = super::types::Interface::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "UpdateInterface", cres);
-        Ok(cres)
-    }
-
-    pub fn update_routes(&self, req: &super::agent::UpdateRoutesRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::Routes> {
-        let mut cres = super::agent::Routes::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "UpdateRoutes", cres);
-        Ok(cres)
-    }
-
-    pub fn list_interfaces(&self, req: &super::agent::ListInterfacesRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::Interfaces> {
-        let mut cres = super::agent::Interfaces::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ListInterfaces", cres);
-        Ok(cres)
-    }
-
-    pub fn list_routes(&self, req: &super::agent::ListRoutesRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::Routes> {
-        let mut cres = super::agent::Routes::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ListRoutes", cres);
-        Ok(cres)
-    }
-
-    pub fn add_arp_neighbors(&self, req: &super::agent::AddARPNeighborsRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "AddARPNeighbors", cres);
-        Ok(cres)
-    }
-
-    pub fn start_tracing(&self, req: &super::agent::StartTracingRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "StartTracing", cres);
-        Ok(cres)
-    }
-
-    pub fn stop_tracing(&self, req: &super::agent::StopTracingRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "StopTracing", cres);
-        Ok(cres)
-    }
-
-    pub fn get_metrics(&self, req: &super::agent::GetMetricsRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::Metrics> {
-        let mut cres = super::agent::Metrics::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "GetMetrics", cres);
-        Ok(cres)
-    }
-
-    pub fn create_sandbox(&self, req: &super::agent::CreateSandboxRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "CreateSandbox", cres);
-        Ok(cres)
-    }
-
-    pub fn destroy_sandbox(&self, req: &super::agent::DestroySandboxRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "DestroySandbox", cres);
-        Ok(cres)
-    }
-
-    pub fn online_cpu_mem(&self, req: &super::agent::OnlineCPUMemRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "OnlineCPUMem", cres);
-        Ok(cres)
-    }
-
-    pub fn reseed_random_dev(&self, req: &super::agent::ReseedRandomDevRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "ReseedRandomDev", cres);
-        Ok(cres)
-    }
-
-    pub fn get_guest_details(&self, req: &super::agent::GuestDetailsRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::GuestDetailsResponse> {
-        let mut cres = super::agent::GuestDetailsResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "GetGuestDetails", cres);
-        Ok(cres)
-    }
-
-    pub fn mem_hotplug_by_probe(&self, req: &super::agent::MemHotplugByProbeRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "MemHotplugByProbe", cres);
-        Ok(cres)
-    }
-
-    pub fn set_guest_date_time(&self, req: &super::agent::SetGuestDateTimeRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "SetGuestDateTime", cres);
-        Ok(cres)
-    }
-
-    pub fn copy_file(&self, req: &super::agent::CopyFileRequest, timeout_nano: i64) -> ::ttrpc::Result<super::empty::Empty> {
-        let mut cres = super::empty::Empty::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "CopyFile", cres);
-        Ok(cres)
-    }
-
-    pub fn get_oom_event(&self, req: &super::agent::GetOOMEventRequest, timeout_nano: i64) -> ::ttrpc::Result<super::agent::OOMEvent> {
-        let mut cres = super::agent::OOMEvent::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.AgentService", "GetOOMEvent", cres);
-        Ok(cres)
-    }
-}
-
-struct CreateContainerMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for CreateContainerMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, CreateContainerRequest, create_container);
-        Ok(())
-    }
-}
-
-struct StartContainerMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for StartContainerMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, StartContainerRequest, start_container);
-        Ok(())
-    }
-}
-
-struct RemoveContainerMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for RemoveContainerMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, RemoveContainerRequest, remove_container);
-        Ok(())
-    }
-}
-
-struct ExecProcessMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ExecProcessMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ExecProcessRequest, exec_process);
-        Ok(())
-    }
-}
-
-struct SignalProcessMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for SignalProcessMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, SignalProcessRequest, signal_process);
-        Ok(())
-    }
-}
-
-struct WaitProcessMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for WaitProcessMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, WaitProcessRequest, wait_process);
-        Ok(())
-    }
-}
-
-struct ListProcessesMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ListProcessesMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ListProcessesRequest, list_processes);
-        Ok(())
-    }
-}
-
-struct UpdateContainerMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for UpdateContainerMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, UpdateContainerRequest, update_container);
-        Ok(())
-    }
-}
-
-struct StatsContainerMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for StatsContainerMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, StatsContainerRequest, stats_container);
-        Ok(())
-    }
-}
-
-struct PauseContainerMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for PauseContainerMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, PauseContainerRequest, pause_container);
-        Ok(())
-    }
-}
-
-struct ResumeContainerMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ResumeContainerMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ResumeContainerRequest, resume_container);
-        Ok(())
-    }
-}
-
-struct WriteStdinMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for WriteStdinMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, WriteStreamRequest, write_stdin);
-        Ok(())
-    }
-}
-
-struct ReadStdoutMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ReadStdoutMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ReadStreamRequest, read_stdout);
-        Ok(())
-    }
-}
-
-struct ReadStderrMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ReadStderrMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ReadStreamRequest, read_stderr);
-        Ok(())
-    }
-}
-
-struct CloseStdinMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for CloseStdinMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, CloseStdinRequest, close_stdin);
-        Ok(())
-    }
-}
-
-struct TtyWinResizeMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for TtyWinResizeMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, TtyWinResizeRequest, tty_win_resize);
-        Ok(())
-    }
-}
-
-struct UpdateInterfaceMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for UpdateInterfaceMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, UpdateInterfaceRequest, update_interface);
-        Ok(())
-    }
-}
-
-struct UpdateRoutesMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for UpdateRoutesMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, UpdateRoutesRequest, update_routes);
-        Ok(())
-    }
-}
-
-struct ListInterfacesMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ListInterfacesMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ListInterfacesRequest, list_interfaces);
-        Ok(())
-    }
-}
-
-struct ListRoutesMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ListRoutesMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ListRoutesRequest, list_routes);
-        Ok(())
-    }
-}
-
-struct AddArpNeighborsMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for AddArpNeighborsMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, AddARPNeighborsRequest, add_arp_neighbors);
-        Ok(())
-    }
-}
-
-struct StartTracingMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for StartTracingMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, StartTracingRequest, start_tracing);
-        Ok(())
-    }
-}
-
-struct StopTracingMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for StopTracingMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, StopTracingRequest, stop_tracing);
-        Ok(())
-    }
-}
-
-struct GetMetricsMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for GetMetricsMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, GetMetricsRequest, get_metrics);
-        Ok(())
-    }
-}
-
-struct CreateSandboxMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for CreateSandboxMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, CreateSandboxRequest, create_sandbox);
-        Ok(())
-    }
-}
-
-struct DestroySandboxMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for DestroySandboxMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, DestroySandboxRequest, destroy_sandbox);
-        Ok(())
-    }
-}
-
-struct OnlineCpuMemMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for OnlineCpuMemMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, OnlineCPUMemRequest, online_cpu_mem);
-        Ok(())
-    }
-}
-
-struct ReseedRandomDevMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for ReseedRandomDevMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, ReseedRandomDevRequest, reseed_random_dev);
-        Ok(())
-    }
-}
-
-struct GetGuestDetailsMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for GetGuestDetailsMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, GuestDetailsRequest, get_guest_details);
-        Ok(())
-    }
-}
-
-struct MemHotplugByProbeMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for MemHotplugByProbeMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, MemHotplugByProbeRequest, mem_hotplug_by_probe);
-        Ok(())
-    }
-}
-
-struct SetGuestDateTimeMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for SetGuestDateTimeMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, SetGuestDateTimeRequest, set_guest_date_time);
-        Ok(())
-    }
-}
-
-struct CopyFileMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for CopyFileMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, CopyFileRequest, copy_file);
-        Ok(())
-    }
-}
-
-struct GetOomEventMethod {
-    service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for GetOomEventMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, agent, GetOOMEventRequest, get_oom_event);
-        Ok(())
-    }
-}
-
-pub trait AgentService {
-    fn create_container(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::CreateContainerRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/CreateContainer is not supported".to_string())))
-    }
-    fn start_container(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::StartContainerRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/StartContainer is not supported".to_string())))
-    }
-    fn remove_container(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::RemoveContainerRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/RemoveContainer is not supported".to_string())))
-    }
-    fn exec_process(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ExecProcessRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ExecProcess is not supported".to_string())))
-    }
-    fn signal_process(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::SignalProcessRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/SignalProcess is not supported".to_string())))
-    }
-    fn wait_process(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::WaitProcessRequest) -> ::ttrpc::Result<super::agent::WaitProcessResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/WaitProcess is not supported".to_string())))
-    }
-    fn list_processes(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ListProcessesRequest) -> ::ttrpc::Result<super::agent::ListProcessesResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ListProcesses is not supported".to_string())))
-    }
-    fn update_container(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::UpdateContainerRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/UpdateContainer is not supported".to_string())))
-    }
-    fn stats_container(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::StatsContainerRequest) -> ::ttrpc::Result<super::agent::StatsContainerResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/StatsContainer is not supported".to_string())))
-    }
-    fn pause_container(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::PauseContainerRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/PauseContainer is not supported".to_string())))
-    }
-    fn resume_container(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ResumeContainerRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ResumeContainer is not supported".to_string())))
-    }
-    fn write_stdin(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::WriteStreamRequest) -> ::ttrpc::Result<super::agent::WriteStreamResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/WriteStdin is not supported".to_string())))
-    }
-    fn read_stdout(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ReadStreamRequest) -> ::ttrpc::Result<super::agent::ReadStreamResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ReadStdout is not supported".to_string())))
-    }
-    fn read_stderr(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ReadStreamRequest) -> ::ttrpc::Result<super::agent::ReadStreamResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ReadStderr is not supported".to_string())))
-    }
-    fn close_stdin(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::CloseStdinRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/CloseStdin is not supported".to_string())))
-    }
-    fn tty_win_resize(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::TtyWinResizeRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/TtyWinResize is not supported".to_string())))
-    }
-    fn update_interface(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::UpdateInterfaceRequest) -> ::ttrpc::Result<super::types::Interface> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/UpdateInterface is not supported".to_string())))
-    }
-    fn update_routes(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::UpdateRoutesRequest) -> ::ttrpc::Result<super::agent::Routes> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/UpdateRoutes is not supported".to_string())))
-    }
-    fn list_interfaces(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ListInterfacesRequest) -> ::ttrpc::Result<super::agent::Interfaces> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ListInterfaces is not supported".to_string())))
-    }
-    fn list_routes(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ListRoutesRequest) -> ::ttrpc::Result<super::agent::Routes> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ListRoutes is not supported".to_string())))
-    }
-    fn add_arp_neighbors(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::AddARPNeighborsRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/AddARPNeighbors is not supported".to_string())))
-    }
-    fn start_tracing(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::StartTracingRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/StartTracing is not supported".to_string())))
-    }
-    fn stop_tracing(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::StopTracingRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/StopTracing is not supported".to_string())))
-    }
-    fn get_metrics(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::GetMetricsRequest) -> ::ttrpc::Result<super::agent::Metrics> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/GetMetrics is not supported".to_string())))
-    }
-    fn create_sandbox(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::CreateSandboxRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/CreateSandbox is not supported".to_string())))
-    }
-    fn destroy_sandbox(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::DestroySandboxRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/DestroySandbox is not supported".to_string())))
-    }
-    fn online_cpu_mem(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::OnlineCPUMemRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/OnlineCPUMem is not supported".to_string())))
-    }
-    fn reseed_random_dev(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::ReseedRandomDevRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/ReseedRandomDev is not supported".to_string())))
-    }
-    fn get_guest_details(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::GuestDetailsRequest) -> ::ttrpc::Result<super::agent::GuestDetailsResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/GetGuestDetails is not supported".to_string())))
-    }
-    fn mem_hotplug_by_probe(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::MemHotplugByProbeRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/MemHotplugByProbe is not supported".to_string())))
-    }
-    fn set_guest_date_time(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::SetGuestDateTimeRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/SetGuestDateTime is not supported".to_string())))
-    }
-    fn copy_file(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::CopyFileRequest) -> ::ttrpc::Result<super::empty::Empty> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/CopyFile is not supported".to_string())))
-    }
-    fn get_oom_event(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::agent::GetOOMEventRequest) -> ::ttrpc::Result<super::agent::OOMEvent> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.AgentService/GetOOMEvent is not supported".to_string())))
-    }
-}
-
-pub fn create_agent_service(service: Arc<std::boxed::Box<dyn AgentService + Send + Sync>>) -> HashMap <String, Box<dyn ::ttrpc::MethodHandler + Send + Sync>> {
-    let mut methods = HashMap::new();
-
-    methods.insert("/grpc.AgentService/CreateContainer".to_string(),
-                    std::boxed::Box::new(CreateContainerMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/StartContainer".to_string(),
-                    std::boxed::Box::new(StartContainerMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/RemoveContainer".to_string(),
-                    std::boxed::Box::new(RemoveContainerMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ExecProcess".to_string(),
-                    std::boxed::Box::new(ExecProcessMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/SignalProcess".to_string(),
-                    std::boxed::Box::new(SignalProcessMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/WaitProcess".to_string(),
-                    std::boxed::Box::new(WaitProcessMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ListProcesses".to_string(),
-                    std::boxed::Box::new(ListProcessesMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/UpdateContainer".to_string(),
-                    std::boxed::Box::new(UpdateContainerMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/StatsContainer".to_string(),
-                    std::boxed::Box::new(StatsContainerMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/PauseContainer".to_string(),
-                    std::boxed::Box::new(PauseContainerMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ResumeContainer".to_string(),
-                    std::boxed::Box::new(ResumeContainerMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/WriteStdin".to_string(),
-                    std::boxed::Box::new(WriteStdinMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ReadStdout".to_string(),
-                    std::boxed::Box::new(ReadStdoutMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ReadStderr".to_string(),
-                    std::boxed::Box::new(ReadStderrMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/CloseStdin".to_string(),
-                    std::boxed::Box::new(CloseStdinMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/TtyWinResize".to_string(),
-                    std::boxed::Box::new(TtyWinResizeMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/UpdateInterface".to_string(),
-                    std::boxed::Box::new(UpdateInterfaceMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/UpdateRoutes".to_string(),
-                    std::boxed::Box::new(UpdateRoutesMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ListInterfaces".to_string(),
-                    std::boxed::Box::new(ListInterfacesMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ListRoutes".to_string(),
-                    std::boxed::Box::new(ListRoutesMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/AddARPNeighbors".to_string(),
-                    std::boxed::Box::new(AddArpNeighborsMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/StartTracing".to_string(),
-                    std::boxed::Box::new(StartTracingMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/StopTracing".to_string(),
-                    std::boxed::Box::new(StopTracingMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/GetMetrics".to_string(),
-                    std::boxed::Box::new(GetMetricsMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/CreateSandbox".to_string(),
-                    std::boxed::Box::new(CreateSandboxMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/DestroySandbox".to_string(),
-                    std::boxed::Box::new(DestroySandboxMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/OnlineCPUMem".to_string(),
-                    std::boxed::Box::new(OnlineCpuMemMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/ReseedRandomDev".to_string(),
-                    std::boxed::Box::new(ReseedRandomDevMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/GetGuestDetails".to_string(),
-                    std::boxed::Box::new(GetGuestDetailsMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/MemHotplugByProbe".to_string(),
-                    std::boxed::Box::new(MemHotplugByProbeMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/SetGuestDateTime".to_string(),
-                    std::boxed::Box::new(SetGuestDateTimeMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/CopyFile".to_string(),
-                    std::boxed::Box::new(CopyFileMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.AgentService/GetOOMEvent".to_string(),
-                    std::boxed::Box::new(GetOomEventMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods
-}
--- a/src/agent/protocols/src/empty.rs
+++ b/src/agent/protocols/src/empty.rs
@@ -1,242 +0,0 @@
-// Copyright (c) 2019 Ant Financial
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-// This file is generated by rust-protobuf 2.14.0. Do not edit
-// @generated
-
-// https://github.com/rust-lang/rust-clippy/issues/702
-#![allow(unknown_lints)]
-#![allow(clippy::all)]
-
-#![cfg_attr(rustfmt, rustfmt_skip)]
-
-#![allow(box_pointers)]
-#![allow(dead_code)]
-#![allow(missing_docs)]
-#![allow(non_camel_case_types)]
-#![allow(non_snake_case)]
-#![allow(non_upper_case_globals)]
-#![allow(trivial_casts)]
-#![allow(unsafe_code)]
-#![allow(unused_imports)]
-#![allow(unused_results)]
-//! Generated file from `google/protobuf/empty.proto`
-
-use protobuf::Message as Message_imported_for_functions;
-use protobuf::ProtobufEnum as ProtobufEnum_imported_for_functions;
-
-/// Generated files are compatible only with the same version
-/// of protobuf runtime.
-// const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_2_14_0;
-
-#[derive(PartialEq,Clone,Default)]
-pub struct Empty {
-    // special fields
-    pub unknown_fields: ::protobuf::UnknownFields,
-    pub cached_size: ::protobuf::CachedSize,
-}
-
-impl<'a> ::std::default::Default for &'a Empty {
-    fn default() -> &'a Empty {
-        <Empty as ::protobuf::Message>::default_instance()
-    }
-}
-
-impl Empty {
-    pub fn new() -> Empty {
-        ::std::default::Default::default()
-    }
-}
-
-impl ::protobuf::Message for Empty {
-    fn is_initialized(&self) -> bool {
-        true
-    }
-
-    fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        while !is.eof()? {
-            let (field_number, wire_type) = is.read_tag_unpack()?;
-            match field_number {
-                _ => {
-                    ::protobuf::rt::read_unknown_or_skip_group(field_number, wire_type, is, self.mut_unknown_fields())?;
-                },
-            };
-        }
-        ::std::result::Result::Ok(())
-    }
-
-    // Compute sizes of nested messages
-    #[allow(unused_variables)]
-    fn compute_size(&self) -> u32 {
-        let mut my_size = 0;
-        my_size += ::protobuf::rt::unknown_fields_size(self.get_unknown_fields());
-        self.cached_size.set(my_size);
-        my_size
-    }
-
-    fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        os.write_unknown_fields(self.get_unknown_fields())?;
-        ::std::result::Result::Ok(())
-    }
-
-    fn get_cached_size(&self) -> u32 {
-        self.cached_size.get()
-    }
-
-    fn get_unknown_fields(&self) -> &::protobuf::UnknownFields {
-        &self.unknown_fields
-    }
-
-    fn mut_unknown_fields(&mut self) -> &mut ::protobuf::UnknownFields {
-        &mut self.unknown_fields
-    }
-
-    fn as_any(&self) -> &dyn (::std::any::Any) {
-        self as &dyn (::std::any::Any)
-    }
-    fn as_any_mut(&mut self) -> &mut dyn (::std::any::Any) {
-        self as &mut dyn (::std::any::Any)
-    }
-    fn into_any(self: Box<Self>) -> ::std::boxed::Box<dyn (::std::any::Any)> {
-        self
-    }
-
-    fn descriptor(&self) -> &'static ::protobuf::reflect::MessageDescriptor {
-        Self::descriptor_static()
-    }
-
-    fn new() -> Empty {
-        Empty::new()
-    }
-
-    fn descriptor_static() -> &'static ::protobuf::reflect::MessageDescriptor {
-        static mut descriptor: ::protobuf::lazy::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            descriptor.get(|| {
-                let fields = ::std::vec::Vec::new();
-                ::protobuf::reflect::MessageDescriptor::new_pb_name::<Empty>(
-                    "Empty",
-                    fields,
-                    file_descriptor_proto()
-                )
-            })
-        }
-    }
-
-    fn default_instance() -> &'static Empty {
-        static mut instance: ::protobuf::lazy::Lazy<Empty> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            instance.get(Empty::new)
-        }
-    }
-}
-
-impl ::protobuf::Clear for Empty {
-    fn clear(&mut self) {
-        self.unknown_fields.clear();
-    }
-}
-
-impl ::std::fmt::Debug for Empty {
-    fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
-        ::protobuf::text_format::fmt(self, f)
-    }
-}
-
-impl ::protobuf::reflect::ProtobufValue for Empty {
-    fn as_ref(&self) -> ::protobuf::reflect::ReflectValueRef {
-        ::protobuf::reflect::ReflectValueRef::Message(self)
-    }
-}
-
-static file_descriptor_proto_data: &'static [u8] = b"\
-    \n\x1bgoogle/protobuf/empty.proto\x12\x0fgoogle.protobuf\"\x07\n\x05Empt\
-    yBT\n\x13com.google.protobufB\nEmptyProtoP\x01Z\x05types\xf8\x01\x01\xa2\
-    \x02\x03GPB\xaa\x02\x1eGoogle.Protobuf.WellKnownTypesJ\xa9\x14\n\x06\x12\
-    \x04\x1e\03\x10\n\xcc\x0c\n\x01\x0c\x12\x03\x1e\0\x122\xc1\x0c\x20Protoc\
-    ol\x20Buffers\x20-\x20Google's\x20data\x20interchange\x20format\n\x20Cop\
-    yright\x202008\x20Google\x20Inc.\x20\x20All\x20rights\x20reserved.\n\x20\
-    https://developers.google.com/protocol-buffers/\n\n\x20Redistribution\
-    \x20and\x20use\x20in\x20source\x20and\x20binary\x20forms,\x20with\x20or\
-    \x20without\n\x20modification,\x20are\x20permitted\x20provided\x20that\
-    \x20the\x20following\x20conditions\x20are\n\x20met:\n\n\x20\x20\x20\x20\
-    \x20*\x20Redistributions\x20of\x20source\x20code\x20must\x20retain\x20th\
-    e\x20above\x20copyright\n\x20notice,\x20this\x20list\x20of\x20conditions\
-    \x20and\x20the\x20following\x20disclaimer.\n\x20\x20\x20\x20\x20*\x20Red\
-    istributions\x20in\x20binary\x20form\x20must\x20reproduce\x20the\x20abov\
-    e\n\x20copyright\x20notice,\x20this\x20list\x20of\x20conditions\x20and\
-    \x20the\x20following\x20disclaimer\n\x20in\x20the\x20documentation\x20an\
-    d/or\x20other\x20materials\x20provided\x20with\x20the\n\x20distribution.\
-    \n\x20\x20\x20\x20\x20*\x20Neither\x20the\x20name\x20of\x20Google\x20Inc\
-    .\x20nor\x20the\x20names\x20of\x20its\n\x20contributors\x20may\x20be\x20\
-    used\x20to\x20endorse\x20or\x20promote\x20products\x20derived\x20from\n\
-    \x20this\x20software\x20without\x20specific\x20prior\x20written\x20permi\
-    ssion.\n\n\x20THIS\x20SOFTWARE\x20IS\x20PROVIDED\x20BY\x20THE\x20COPYRIG\
-    HT\x20HOLDERS\x20AND\x20CONTRIBUTORS\n\x20\"AS\x20IS\"\x20AND\x20ANY\x20\
-    EXPRESS\x20OR\x20IMPLIED\x20WARRANTIES,\x20INCLUDING,\x20BUT\x20NOT\n\
-    \x20LIMITED\x20TO,\x20THE\x20IMPLIED\x20WARRANTIES\x20OF\x20MERCHANTABIL\
-    ITY\x20AND\x20FITNESS\x20FOR\n\x20A\x20PARTICULAR\x20PURPOSE\x20ARE\x20D\
-    ISCLAIMED.\x20IN\x20NO\x20EVENT\x20SHALL\x20THE\x20COPYRIGHT\n\x20OWNER\
-    \x20OR\x20CONTRIBUTORS\x20BE\x20LIABLE\x20FOR\x20ANY\x20DIRECT,\x20INDIR\
-    ECT,\x20INCIDENTAL,\n\x20SPECIAL,\x20EXEMPLARY,\x20OR\x20CONSEQUENTIAL\
-    \x20DAMAGES\x20(INCLUDING,\x20BUT\x20NOT\n\x20LIMITED\x20TO,\x20PROCUREM\
-    ENT\x20OF\x20SUBSTITUTE\x20GOODS\x20OR\x20SERVICES;\x20LOSS\x20OF\x20USE\
-    ,\n\x20DATA,\x20OR\x20PROFITS;\x20OR\x20BUSINESS\x20INTERRUPTION)\x20HOW\
-    EVER\x20CAUSED\x20AND\x20ON\x20ANY\n\x20THEORY\x20OF\x20LIABILITY,\x20WH\
-    ETHER\x20IN\x20CONTRACT,\x20STRICT\x20LIABILITY,\x20OR\x20TORT\n\x20(INC\
-    LUDING\x20NEGLIGENCE\x20OR\x20OTHERWISE)\x20ARISING\x20IN\x20ANY\x20WAY\
-    \x20OUT\x20OF\x20THE\x20USE\n\x20OF\x20THIS\x20SOFTWARE,\x20EVEN\x20IF\
-    \x20ADVISED\x20OF\x20THE\x20POSSIBILITY\x20OF\x20SUCH\x20DAMAGE.\n\n\x08\
-    \n\x01\x02\x12\x03\x20\x08\x17\n\x08\n\x01\x08\x12\x03\"\0;\n\x0b\n\x04\
-    \x08\xe7\x07\0\x12\x03\"\0;\n\x0c\n\x05\x08\xe7\x07\0\x02\x12\x03\"\x07\
-    \x17\n\r\n\x06\x08\xe7\x07\0\x02\0\x12\x03\"\x07\x17\n\x0e\n\x07\x08\xe7\
-    \x07\0\x02\0\x01\x12\x03\"\x07\x17\n\x0c\n\x05\x08\xe7\x07\0\x07\x12\x03\
-    \"\x1a:\n\x08\n\x01\x08\x12\x03#\0\x1c\n\x0b\n\x04\x08\xe7\x07\x01\x12\
-    \x03#\0\x1c\n\x0c\n\x05\x08\xe7\x07\x01\x02\x12\x03#\x07\x11\n\r\n\x06\
-    \x08\xe7\x07\x01\x02\0\x12\x03#\x07\x11\n\x0e\n\x07\x08\xe7\x07\x01\x02\
-    \0\x01\x12\x03#\x07\x11\n\x0c\n\x05\x08\xe7\x07\x01\x07\x12\x03#\x14\x1b\
-    \n\x08\n\x01\x08\x12\x03$\0,\n\x0b\n\x04\x08\xe7\x07\x02\x12\x03$\0,\n\
-    \x0c\n\x05\x08\xe7\x07\x02\x02\x12\x03$\x07\x13\n\r\n\x06\x08\xe7\x07\
-    \x02\x02\0\x12\x03$\x07\x13\n\x0e\n\x07\x08\xe7\x07\x02\x02\0\x01\x12\
-    \x03$\x07\x13\n\x0c\n\x05\x08\xe7\x07\x02\x07\x12\x03$\x16+\n\x08\n\x01\
-    \x08\x12\x03%\0+\n\x0b\n\x04\x08\xe7\x07\x03\x12\x03%\0+\n\x0c\n\x05\x08\
-    \xe7\x07\x03\x02\x12\x03%\x07\x1b\n\r\n\x06\x08\xe7\x07\x03\x02\0\x12\
-    \x03%\x07\x1b\n\x0e\n\x07\x08\xe7\x07\x03\x02\0\x01\x12\x03%\x07\x1b\n\
-    \x0c\n\x05\x08\xe7\x07\x03\x07\x12\x03%\x1e*\n\x08\n\x01\x08\x12\x03&\0\
-    \"\n\x0b\n\x04\x08\xe7\x07\x04\x12\x03&\0\"\n\x0c\n\x05\x08\xe7\x07\x04\
-    \x02\x12\x03&\x07\x1a\n\r\n\x06\x08\xe7\x07\x04\x02\0\x12\x03&\x07\x1a\n\
-    \x0e\n\x07\x08\xe7\x07\x04\x02\0\x01\x12\x03&\x07\x1a\n\x0c\n\x05\x08\
-    \xe7\x07\x04\x03\x12\x03&\x1d!\n\x08\n\x01\x08\x12\x03'\0!\n\x0b\n\x04\
-    \x08\xe7\x07\x05\x12\x03'\0!\n\x0c\n\x05\x08\xe7\x07\x05\x02\x12\x03'\
-    \x07\x18\n\r\n\x06\x08\xe7\x07\x05\x02\0\x12\x03'\x07\x18\n\x0e\n\x07\
-    \x08\xe7\x07\x05\x02\0\x01\x12\x03'\x07\x18\n\x0c\n\x05\x08\xe7\x07\x05\
-    \x07\x12\x03'\x1b\x20\n\x08\n\x01\x08\x12\x03(\0\x1f\n\x0b\n\x04\x08\xe7\
-    \x07\x06\x12\x03(\0\x1f\n\x0c\n\x05\x08\xe7\x07\x06\x02\x12\x03(\x07\x17\
-    \n\r\n\x06\x08\xe7\x07\x06\x02\0\x12\x03(\x07\x17\n\x0e\n\x07\x08\xe7\
-    \x07\x06\x02\0\x01\x12\x03(\x07\x17\n\x0c\n\x05\x08\xe7\x07\x06\x03\x12\
-    \x03(\x1a\x1e\n\xfb\x02\n\x02\x04\0\x12\x033\0\x10\x1a\xef\x02\x20A\x20g\
-    eneric\x20empty\x20message\x20that\x20you\x20can\x20re-use\x20to\x20avoi\
-    d\x20defining\x20duplicated\n\x20empty\x20messages\x20in\x20your\x20APIs\
-    .\x20A\x20typical\x20example\x20is\x20to\x20use\x20it\x20as\x20the\x20re\
-    quest\n\x20or\x20the\x20response\x20type\x20of\x20an\x20API\x20method.\
-    \x20For\x20instance:\n\n\x20\x20\x20\x20\x20service\x20Foo\x20{\n\x20\
-    \x20\x20\x20\x20\x20\x20rpc\x20Bar(google.protobuf.Empty)\x20returns\x20\
-    (google.protobuf.Empty);\n\x20\x20\x20\x20\x20}\n\n\x20The\x20JSON\x20re\
-    presentation\x20for\x20`Empty`\x20is\x20empty\x20JSON\x20object\x20`{}`.\
-    \n\n\n\n\x03\x04\0\x01\x12\x033\x08\rb\x06proto3\
-";
-
-static mut file_descriptor_proto_lazy: ::protobuf::lazy::Lazy<::protobuf::descriptor::FileDescriptorProto> = ::protobuf::lazy::Lazy::INIT;
-
-fn parse_descriptor_proto() -> ::protobuf::descriptor::FileDescriptorProto {
-    ::protobuf::parse_from_bytes(file_descriptor_proto_data).unwrap()
-}
-
-pub fn file_descriptor_proto() -> &'static ::protobuf::descriptor::FileDescriptorProto {
-    unsafe {
-        file_descriptor_proto_lazy.get(|| {
-            parse_descriptor_proto()
-        })
-    }
-}
--- a/src/agent/protocols/src/health.rs
+++ b/src/agent/protocols/src/health.rs
@@ -1,672 +0,0 @@
-// This file is generated by rust-protobuf 2.14.0. Do not edit
-// @generated
-
-// https://github.com/rust-lang/rust-clippy/issues/702
-#![allow(unknown_lints)]
-#![allow(clippy::all)]
-
-#![cfg_attr(rustfmt, rustfmt_skip)]
-
-#![allow(box_pointers)]
-#![allow(dead_code)]
-#![allow(missing_docs)]
-#![allow(non_camel_case_types)]
-#![allow(non_snake_case)]
-#![allow(non_upper_case_globals)]
-#![allow(trivial_casts)]
-#![allow(unsafe_code)]
-#![allow(unused_imports)]
-#![allow(unused_results)]
-//! Generated file from `github.com/kata-containers/kata-containers/src/agent/protocols/protos/health.proto`
-
-use protobuf::Message as Message_imported_for_functions;
-use protobuf::ProtobufEnum as ProtobufEnum_imported_for_functions;
-
-/// Generated files are compatible only with the same version
-/// of protobuf runtime.
-// const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_2_14_0;
-
-#[derive(PartialEq,Clone,Default)]
-pub struct CheckRequest {
-    // message fields
-    pub service: ::std::string::String,
-    // special fields
-    pub unknown_fields: ::protobuf::UnknownFields,
-    pub cached_size: ::protobuf::CachedSize,
-}
-
-impl<'a> ::std::default::Default for &'a CheckRequest {
-    fn default() -> &'a CheckRequest {
-        <CheckRequest as ::protobuf::Message>::default_instance()
-    }
-}
-
-impl CheckRequest {
-    pub fn new() -> CheckRequest {
-        ::std::default::Default::default()
-    }
-
-    // string service = 1;
-
-
-    pub fn get_service(&self) -> &str {
-        &self.service
-    }
-    pub fn clear_service(&mut self) {
-        self.service.clear();
-    }
-
-    // Param is passed by value, moved
-    pub fn set_service(&mut self, v: ::std::string::String) {
-        self.service = v;
-    }
-
-    // Mutable pointer to the field.
-    // If field is not initialized, it is initialized with default value first.
-    pub fn mut_service(&mut self) -> &mut ::std::string::String {
-        &mut self.service
-    }
-
-    // Take field
-    pub fn take_service(&mut self) -> ::std::string::String {
-        ::std::mem::replace(&mut self.service, ::std::string::String::new())
-    }
-}
-
-impl ::protobuf::Message for CheckRequest {
-    fn is_initialized(&self) -> bool {
-        true
-    }
-
-    fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        while !is.eof()? {
-            let (field_number, wire_type) = is.read_tag_unpack()?;
-            match field_number {
-                1 => {
-                    ::protobuf::rt::read_singular_proto3_string_into(wire_type, is, &mut self.service)?;
-                },
-                _ => {
-                    ::protobuf::rt::read_unknown_or_skip_group(field_number, wire_type, is, self.mut_unknown_fields())?;
-                },
-            };
-        }
-        ::std::result::Result::Ok(())
-    }
-
-    // Compute sizes of nested messages
-    #[allow(unused_variables)]
-    fn compute_size(&self) -> u32 {
-        let mut my_size = 0;
-        if !self.service.is_empty() {
-            my_size += ::protobuf::rt::string_size(1, &self.service);
-        }
-        my_size += ::protobuf::rt::unknown_fields_size(self.get_unknown_fields());
-        self.cached_size.set(my_size);
-        my_size
-    }
-
-    fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        if !self.service.is_empty() {
-            os.write_string(1, &self.service)?;
-        }
-        os.write_unknown_fields(self.get_unknown_fields())?;
-        ::std::result::Result::Ok(())
-    }
-
-    fn get_cached_size(&self) -> u32 {
-        self.cached_size.get()
-    }
-
-    fn get_unknown_fields(&self) -> &::protobuf::UnknownFields {
-        &self.unknown_fields
-    }
-
-    fn mut_unknown_fields(&mut self) -> &mut ::protobuf::UnknownFields {
-        &mut self.unknown_fields
-    }
-
-    fn as_any(&self) -> &dyn (::std::any::Any) {
-        self as &dyn (::std::any::Any)
-    }
-    fn as_any_mut(&mut self) -> &mut dyn (::std::any::Any) {
-        self as &mut dyn (::std::any::Any)
-    }
-    fn into_any(self: Box<Self>) -> ::std::boxed::Box<dyn (::std::any::Any)> {
-        self
-    }
-
-    fn descriptor(&self) -> &'static ::protobuf::reflect::MessageDescriptor {
-        Self::descriptor_static()
-    }
-
-    fn new() -> CheckRequest {
-        CheckRequest::new()
-    }
-
-    fn descriptor_static() -> &'static ::protobuf::reflect::MessageDescriptor {
-        static mut descriptor: ::protobuf::lazy::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            descriptor.get(|| {
-                let mut fields = ::std::vec::Vec::new();
-                fields.push(::protobuf::reflect::accessor::make_simple_field_accessor::<_, ::protobuf::types::ProtobufTypeString>(
-                    "service",
-                    |m: &CheckRequest| { &m.service },
-                    |m: &mut CheckRequest| { &mut m.service },
-                ));
-                ::protobuf::reflect::MessageDescriptor::new_pb_name::<CheckRequest>(
-                    "CheckRequest",
-                    fields,
-                    file_descriptor_proto()
-                )
-            })
-        }
-    }
-
-    fn default_instance() -> &'static CheckRequest {
-        static mut instance: ::protobuf::lazy::Lazy<CheckRequest> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            instance.get(CheckRequest::new)
-        }
-    }
-}
-
-impl ::protobuf::Clear for CheckRequest {
-    fn clear(&mut self) {
-        self.service.clear();
-        self.unknown_fields.clear();
-    }
-}
-
-impl ::std::fmt::Debug for CheckRequest {
-    fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
-        ::protobuf::text_format::fmt(self, f)
-    }
-}
-
-impl ::protobuf::reflect::ProtobufValue for CheckRequest {
-    fn as_ref(&self) -> ::protobuf::reflect::ReflectValueRef {
-        ::protobuf::reflect::ReflectValueRef::Message(self)
-    }
-}
-
-#[derive(PartialEq,Clone,Default)]
-pub struct HealthCheckResponse {
-    // message fields
-    pub status: HealthCheckResponse_ServingStatus,
-    // special fields
-    pub unknown_fields: ::protobuf::UnknownFields,
-    pub cached_size: ::protobuf::CachedSize,
-}
-
-impl<'a> ::std::default::Default for &'a HealthCheckResponse {
-    fn default() -> &'a HealthCheckResponse {
-        <HealthCheckResponse as ::protobuf::Message>::default_instance()
-    }
-}
-
-impl HealthCheckResponse {
-    pub fn new() -> HealthCheckResponse {
-        ::std::default::Default::default()
-    }
-
-    // .grpc.HealthCheckResponse.ServingStatus status = 1;
-
-
-    pub fn get_status(&self) -> HealthCheckResponse_ServingStatus {
-        self.status
-    }
-    pub fn clear_status(&mut self) {
-        self.status = HealthCheckResponse_ServingStatus::UNKNOWN;
-    }
-
-    // Param is passed by value, moved
-    pub fn set_status(&mut self, v: HealthCheckResponse_ServingStatus) {
-        self.status = v;
-    }
-}
-
-impl ::protobuf::Message for HealthCheckResponse {
-    fn is_initialized(&self) -> bool {
-        true
-    }
-
-    fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        while !is.eof()? {
-            let (field_number, wire_type) = is.read_tag_unpack()?;
-            match field_number {
-                1 => {
-                    ::protobuf::rt::read_proto3_enum_with_unknown_fields_into(wire_type, is, &mut self.status, 1, &mut self.unknown_fields)?
-                },
-                _ => {
-                    ::protobuf::rt::read_unknown_or_skip_group(field_number, wire_type, is, self.mut_unknown_fields())?;
-                },
-            };
-        }
-        ::std::result::Result::Ok(())
-    }
-
-    // Compute sizes of nested messages
-    #[allow(unused_variables)]
-    fn compute_size(&self) -> u32 {
-        let mut my_size = 0;
-        if self.status != HealthCheckResponse_ServingStatus::UNKNOWN {
-            my_size += ::protobuf::rt::enum_size(1, self.status);
-        }
-        my_size += ::protobuf::rt::unknown_fields_size(self.get_unknown_fields());
-        self.cached_size.set(my_size);
-        my_size
-    }
-
-    fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        if self.status != HealthCheckResponse_ServingStatus::UNKNOWN {
-            os.write_enum(1, self.status.value())?;
-        }
-        os.write_unknown_fields(self.get_unknown_fields())?;
-        ::std::result::Result::Ok(())
-    }
-
-    fn get_cached_size(&self) -> u32 {
-        self.cached_size.get()
-    }
-
-    fn get_unknown_fields(&self) -> &::protobuf::UnknownFields {
-        &self.unknown_fields
-    }
-
-    fn mut_unknown_fields(&mut self) -> &mut ::protobuf::UnknownFields {
-        &mut self.unknown_fields
-    }
-
-    fn as_any(&self) -> &dyn (::std::any::Any) {
-        self as &dyn (::std::any::Any)
-    }
-    fn as_any_mut(&mut self) -> &mut dyn (::std::any::Any) {
-        self as &mut dyn (::std::any::Any)
-    }
-    fn into_any(self: Box<Self>) -> ::std::boxed::Box<dyn (::std::any::Any)> {
-        self
-    }
-
-    fn descriptor(&self) -> &'static ::protobuf::reflect::MessageDescriptor {
-        Self::descriptor_static()
-    }
-
-    fn new() -> HealthCheckResponse {
-        HealthCheckResponse::new()
-    }
-
-    fn descriptor_static() -> &'static ::protobuf::reflect::MessageDescriptor {
-        static mut descriptor: ::protobuf::lazy::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            descriptor.get(|| {
-                let mut fields = ::std::vec::Vec::new();
-                fields.push(::protobuf::reflect::accessor::make_simple_field_accessor::<_, ::protobuf::types::ProtobufTypeEnum<HealthCheckResponse_ServingStatus>>(
-                    "status",
-                    |m: &HealthCheckResponse| { &m.status },
-                    |m: &mut HealthCheckResponse| { &mut m.status },
-                ));
-                ::protobuf::reflect::MessageDescriptor::new_pb_name::<HealthCheckResponse>(
-                    "HealthCheckResponse",
-                    fields,
-                    file_descriptor_proto()
-                )
-            })
-        }
-    }
-
-    fn default_instance() -> &'static HealthCheckResponse {
-        static mut instance: ::protobuf::lazy::Lazy<HealthCheckResponse> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            instance.get(HealthCheckResponse::new)
-        }
-    }
-}
-
-impl ::protobuf::Clear for HealthCheckResponse {
-    fn clear(&mut self) {
-        self.status = HealthCheckResponse_ServingStatus::UNKNOWN;
-        self.unknown_fields.clear();
-    }
-}
-
-impl ::std::fmt::Debug for HealthCheckResponse {
-    fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
-        ::protobuf::text_format::fmt(self, f)
-    }
-}
-
-impl ::protobuf::reflect::ProtobufValue for HealthCheckResponse {
-    fn as_ref(&self) -> ::protobuf::reflect::ReflectValueRef {
-        ::protobuf::reflect::ReflectValueRef::Message(self)
-    }
-}
-
-#[derive(Clone,PartialEq,Eq,Debug,Hash)]
-pub enum HealthCheckResponse_ServingStatus {
-    UNKNOWN = 0,
-    SERVING = 1,
-    NOT_SERVING = 2,
-}
-
-impl ::protobuf::ProtobufEnum for HealthCheckResponse_ServingStatus {
-    fn value(&self) -> i32 {
-        *self as i32
-    }
-
-    fn from_i32(value: i32) -> ::std::option::Option<HealthCheckResponse_ServingStatus> {
-        match value {
-            0 => ::std::option::Option::Some(HealthCheckResponse_ServingStatus::UNKNOWN),
-            1 => ::std::option::Option::Some(HealthCheckResponse_ServingStatus::SERVING),
-            2 => ::std::option::Option::Some(HealthCheckResponse_ServingStatus::NOT_SERVING),
-            _ => ::std::option::Option::None
-        }
-    }
-
-    fn values() -> &'static [Self] {
-        static values: &'static [HealthCheckResponse_ServingStatus] = &[
-            HealthCheckResponse_ServingStatus::UNKNOWN,
-            HealthCheckResponse_ServingStatus::SERVING,
-            HealthCheckResponse_ServingStatus::NOT_SERVING,
-        ];
-        values
-    }
-
-    fn enum_descriptor_static() -> &'static ::protobuf::reflect::EnumDescriptor {
-        static mut descriptor: ::protobuf::lazy::Lazy<::protobuf::reflect::EnumDescriptor> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            descriptor.get(|| {
-                ::protobuf::reflect::EnumDescriptor::new_pb_name::<HealthCheckResponse_ServingStatus>("HealthCheckResponse.ServingStatus", file_descriptor_proto())
-            })
-        }
-    }
-}
-
-impl ::std::marker::Copy for HealthCheckResponse_ServingStatus {
-}
-
-impl ::std::default::Default for HealthCheckResponse_ServingStatus {
-    fn default() -> Self {
-        HealthCheckResponse_ServingStatus::UNKNOWN
-    }
-}
-
-impl ::protobuf::reflect::ProtobufValue for HealthCheckResponse_ServingStatus {
-    fn as_ref(&self) -> ::protobuf::reflect::ReflectValueRef {
-        ::protobuf::reflect::ReflectValueRef::Enum(self.descriptor())
-    }
-}
-
-#[derive(PartialEq,Clone,Default)]
-pub struct VersionCheckResponse {
-    // message fields
-    pub grpc_version: ::std::string::String,
-    pub agent_version: ::std::string::String,
-    // special fields
-    pub unknown_fields: ::protobuf::UnknownFields,
-    pub cached_size: ::protobuf::CachedSize,
-}
-
-impl<'a> ::std::default::Default for &'a VersionCheckResponse {
-    fn default() -> &'a VersionCheckResponse {
-        <VersionCheckResponse as ::protobuf::Message>::default_instance()
-    }
-}
-
-impl VersionCheckResponse {
-    pub fn new() -> VersionCheckResponse {
-        ::std::default::Default::default()
-    }
-
-    // string grpc_version = 1;
-
-
-    pub fn get_grpc_version(&self) -> &str {
-        &self.grpc_version
-    }
-    pub fn clear_grpc_version(&mut self) {
-        self.grpc_version.clear();
-    }
-
-    // Param is passed by value, moved
-    pub fn set_grpc_version(&mut self, v: ::std::string::String) {
-        self.grpc_version = v;
-    }
-
-    // Mutable pointer to the field.
-    // If field is not initialized, it is initialized with default value first.
-    pub fn mut_grpc_version(&mut self) -> &mut ::std::string::String {
-        &mut self.grpc_version
-    }
-
-    // Take field
-    pub fn take_grpc_version(&mut self) -> ::std::string::String {
-        ::std::mem::replace(&mut self.grpc_version, ::std::string::String::new())
-    }
-
-    // string agent_version = 2;
-
-
-    pub fn get_agent_version(&self) -> &str {
-        &self.agent_version
-    }
-    pub fn clear_agent_version(&mut self) {
-        self.agent_version.clear();
-    }
-
-    // Param is passed by value, moved
-    pub fn set_agent_version(&mut self, v: ::std::string::String) {
-        self.agent_version = v;
-    }
-
-    // Mutable pointer to the field.
-    // If field is not initialized, it is initialized with default value first.
-    pub fn mut_agent_version(&mut self) -> &mut ::std::string::String {
-        &mut self.agent_version
-    }
-
-    // Take field
-    pub fn take_agent_version(&mut self) -> ::std::string::String {
-        ::std::mem::replace(&mut self.agent_version, ::std::string::String::new())
-    }
-}
-
-impl ::protobuf::Message for VersionCheckResponse {
-    fn is_initialized(&self) -> bool {
-        true
-    }
-
-    fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        while !is.eof()? {
-            let (field_number, wire_type) = is.read_tag_unpack()?;
-            match field_number {
-                1 => {
-                    ::protobuf::rt::read_singular_proto3_string_into(wire_type, is, &mut self.grpc_version)?;
-                },
-                2 => {
-                    ::protobuf::rt::read_singular_proto3_string_into(wire_type, is, &mut self.agent_version)?;
-                },
-                _ => {
-                    ::protobuf::rt::read_unknown_or_skip_group(field_number, wire_type, is, self.mut_unknown_fields())?;
-                },
-            };
-        }
-        ::std::result::Result::Ok(())
-    }
-
-    // Compute sizes of nested messages
-    #[allow(unused_variables)]
-    fn compute_size(&self) -> u32 {
-        let mut my_size = 0;
-        if !self.grpc_version.is_empty() {
-            my_size += ::protobuf::rt::string_size(1, &self.grpc_version);
-        }
-        if !self.agent_version.is_empty() {
-            my_size += ::protobuf::rt::string_size(2, &self.agent_version);
-        }
-        my_size += ::protobuf::rt::unknown_fields_size(self.get_unknown_fields());
-        self.cached_size.set(my_size);
-        my_size
-    }
-
-    fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::ProtobufResult<()> {
-        if !self.grpc_version.is_empty() {
-            os.write_string(1, &self.grpc_version)?;
-        }
-        if !self.agent_version.is_empty() {
-            os.write_string(2, &self.agent_version)?;
-        }
-        os.write_unknown_fields(self.get_unknown_fields())?;
-        ::std::result::Result::Ok(())
-    }
-
-    fn get_cached_size(&self) -> u32 {
-        self.cached_size.get()
-    }
-
-    fn get_unknown_fields(&self) -> &::protobuf::UnknownFields {
-        &self.unknown_fields
-    }
-
-    fn mut_unknown_fields(&mut self) -> &mut ::protobuf::UnknownFields {
-        &mut self.unknown_fields
-    }
-
-    fn as_any(&self) -> &dyn (::std::any::Any) {
-        self as &dyn (::std::any::Any)
-    }
-    fn as_any_mut(&mut self) -> &mut dyn (::std::any::Any) {
-        self as &mut dyn (::std::any::Any)
-    }
-    fn into_any(self: Box<Self>) -> ::std::boxed::Box<dyn (::std::any::Any)> {
-        self
-    }
-
-    fn descriptor(&self) -> &'static ::protobuf::reflect::MessageDescriptor {
-        Self::descriptor_static()
-    }
-
-    fn new() -> VersionCheckResponse {
-        VersionCheckResponse::new()
-    }
-
-    fn descriptor_static() -> &'static ::protobuf::reflect::MessageDescriptor {
-        static mut descriptor: ::protobuf::lazy::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            descriptor.get(|| {
-                let mut fields = ::std::vec::Vec::new();
-                fields.push(::protobuf::reflect::accessor::make_simple_field_accessor::<_, ::protobuf::types::ProtobufTypeString>(
-                    "grpc_version",
-                    |m: &VersionCheckResponse| { &m.grpc_version },
-                    |m: &mut VersionCheckResponse| { &mut m.grpc_version },
-                ));
-                fields.push(::protobuf::reflect::accessor::make_simple_field_accessor::<_, ::protobuf::types::ProtobufTypeString>(
-                    "agent_version",
-                    |m: &VersionCheckResponse| { &m.agent_version },
-                    |m: &mut VersionCheckResponse| { &mut m.agent_version },
-                ));
-                ::protobuf::reflect::MessageDescriptor::new_pb_name::<VersionCheckResponse>(
-                    "VersionCheckResponse",
-                    fields,
-                    file_descriptor_proto()
-                )
-            })
-        }
-    }
-
-    fn default_instance() -> &'static VersionCheckResponse {
-        static mut instance: ::protobuf::lazy::Lazy<VersionCheckResponse> = ::protobuf::lazy::Lazy::INIT;
-        unsafe {
-            instance.get(VersionCheckResponse::new)
-        }
-    }
-}
-
-impl ::protobuf::Clear for VersionCheckResponse {
-    fn clear(&mut self) {
-        self.grpc_version.clear();
-        self.agent_version.clear();
-        self.unknown_fields.clear();
-    }
-}
-
-impl ::std::fmt::Debug for VersionCheckResponse {
-    fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
-        ::protobuf::text_format::fmt(self, f)
-    }
-}
-
-impl ::protobuf::reflect::ProtobufValue for VersionCheckResponse {
-    fn as_ref(&self) -> ::protobuf::reflect::ReflectValueRef {
-        ::protobuf::reflect::ReflectValueRef::Message(self)
-    }
-}
-
-static file_descriptor_proto_data: &'static [u8] = b"\
-    \nRgithub.com/kata-containers/kata-containers/src/agent/protocols/protos\
-    /health.proto\x12\x04grpc\x1a-github.com/gogo/protobuf/gogoproto/gogo.pr\
-    oto\"(\n\x0cCheckRequest\x12\x18\n\x07service\x18\x01\x20\x01(\tR\x07ser\
-    vice\"\x92\x01\n\x13HealthCheckResponse\x12?\n\x06status\x18\x01\x20\x01\
-    (\x0e2'.grpc.HealthCheckResponse.ServingStatusR\x06status\":\n\rServingS\
-    tatus\x12\x0b\n\x07UNKNOWN\x10\0\x12\x0b\n\x07SERVING\x10\x01\x12\x0f\n\
-    \x0bNOT_SERVING\x10\x02\"^\n\x14VersionCheckResponse\x12!\n\x0cgrpc_vers\
-    ion\x18\x01\x20\x01(\tR\x0bgrpcVersion\x12#\n\ragent_version\x18\x02\x20\
-    \x01(\tR\x0cagentVersion2{\n\x06Health\x126\n\x05Check\x12\x12.grpc.Chec\
-    kRequest\x1a\x19.grpc.HealthCheckResponse\x129\n\x07Version\x12\x12.grpc\
-    .CheckRequest\x1a\x1a.grpc.VersionCheckResponseBpZ^github.com/kata-conta\
-    iners/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grp\
-    c\xb8\xe2\x1e\x01\xc0\xe2\x1e\x01\xa8\xe2\x1e\x01\xf8\xe1\x1e\x01J\x90\
-    \x07\n\x06\x12\x04\x07\0)\x01\nq\n\x01\x0c\x12\x03\x07\0\x122g\n\x20Copy\
-    right\x202017\x20HyperHQ\x20Inc.\n\x20Copyright\x20(c)\x202019\x20Ant\
-    \x20Financial\n\n\x20SPDX-License-Identifier:\x20Apache-2.0\n\n\n\x08\n\
-    \x01\x08\x12\x03\t\0u\n\t\n\x02\x08\x0b\x12\x03\t\0u\n\x08\n\x01\x02\x12\
-    \x03\x0b\0\r\n\t\n\x02\x03\0\x12\x03\r\07\n\x08\n\x01\x08\x12\x03\x0f\0$\
-    \n\x0b\n\x04\x08\xa5\xec\x03\x12\x03\x0f\0$\n\x08\n\x01\x08\x12\x03\x10\
-    \0'\n\x0b\n\x04\x08\x9f\xec\x03\x12\x03\x10\0'\n\x08\n\x01\x08\x12\x03\
-    \x11\0&\n\x0b\n\x04\x08\xa7\xec\x03\x12\x03\x11\0&\n\x08\n\x01\x08\x12\
-    \x03\x12\0'\n\x0b\n\x04\x08\xa8\xec\x03\x12\x03\x12\0'\n\n\n\x02\x04\0\
-    \x12\x04\x14\0\x16\x01\n\n\n\x03\x04\0\x01\x12\x03\x14\x08\x14\n\x0b\n\
-    \x04\x04\0\x02\0\x12\x03\x15\x08\x1b\n\r\n\x05\x04\0\x02\0\x04\x12\x04\
-    \x15\x08\x14\x16\n\x0c\n\x05\x04\0\x02\0\x05\x12\x03\x15\x08\x0e\n\x0c\n\
-    \x05\x04\0\x02\0\x01\x12\x03\x15\x0f\x16\n\x0c\n\x05\x04\0\x02\0\x03\x12\
-    \x03\x15\x19\x1a\n\n\n\x02\x04\x01\x12\x04\x18\0\x1f\x01\n\n\n\x03\x04\
-    \x01\x01\x12\x03\x18\x08\x1b\n\x0c\n\x04\x04\x01\x04\0\x12\x04\x19\x08\
-    \x1d\t\n\x0c\n\x05\x04\x01\x04\0\x01\x12\x03\x19\r\x1a\n\r\n\x06\x04\x01\
-    \x04\0\x02\0\x12\x03\x1a\x10\x1c\n\x0e\n\x07\x04\x01\x04\0\x02\0\x01\x12\
-    \x03\x1a\x10\x17\n\x0e\n\x07\x04\x01\x04\0\x02\0\x02\x12\x03\x1a\x1a\x1b\
-    \n\r\n\x06\x04\x01\x04\0\x02\x01\x12\x03\x1b\x10\x1c\n\x0e\n\x07\x04\x01\
-    \x04\0\x02\x01\x01\x12\x03\x1b\x10\x17\n\x0e\n\x07\x04\x01\x04\0\x02\x01\
-    \x02\x12\x03\x1b\x1a\x1b\n\r\n\x06\x04\x01\x04\0\x02\x02\x12\x03\x1c\x10\
-    \x20\n\x0e\n\x07\x04\x01\x04\0\x02\x02\x01\x12\x03\x1c\x10\x1b\n\x0e\n\
-    \x07\x04\x01\x04\0\x02\x02\x02\x12\x03\x1c\x1e\x1f\n\x0b\n\x04\x04\x01\
-    \x02\0\x12\x03\x1e\x08!\n\r\n\x05\x04\x01\x02\0\x04\x12\x04\x1e\x08\x1d\
-    \t\n\x0c\n\x05\x04\x01\x02\0\x06\x12\x03\x1e\x08\x15\n\x0c\n\x05\x04\x01\
-    \x02\0\x01\x12\x03\x1e\x16\x1c\n\x0c\n\x05\x04\x01\x02\0\x03\x12\x03\x1e\
-    \x1f\x20\n\n\n\x02\x04\x02\x12\x04!\0$\x01\n\n\n\x03\x04\x02\x01\x12\x03\
-    !\x08\x1c\n\x0b\n\x04\x04\x02\x02\0\x12\x03\"\x08\x20\n\r\n\x05\x04\x02\
-    \x02\0\x04\x12\x04\"\x08!\x1e\n\x0c\n\x05\x04\x02\x02\0\x05\x12\x03\"\
-    \x08\x0e\n\x0c\n\x05\x04\x02\x02\0\x01\x12\x03\"\x0f\x1b\n\x0c\n\x05\x04\
-    \x02\x02\0\x03\x12\x03\"\x1e\x1f\n\x0b\n\x04\x04\x02\x02\x01\x12\x03#\
-    \x08!\n\r\n\x05\x04\x02\x02\x01\x04\x12\x04#\x08\"\x20\n\x0c\n\x05\x04\
-    \x02\x02\x01\x05\x12\x03#\x08\x0e\n\x0c\n\x05\x04\x02\x02\x01\x01\x12\
-    \x03#\x0f\x1c\n\x0c\n\x05\x04\x02\x02\x01\x03\x12\x03#\x1f\x20\n\n\n\x02\
-    \x06\0\x12\x04&\0)\x01\n\n\n\x03\x06\0\x01\x12\x03&\x08\x0e\n\x0b\n\x04\
-    \x06\0\x02\0\x12\x03'\x08>\n\x0c\n\x05\x06\0\x02\0\x01\x12\x03'\x0c\x11\
-    \n\x0c\n\x05\x06\0\x02\0\x02\x12\x03'\x12\x1e\n\x0c\n\x05\x06\0\x02\0\
-    \x03\x12\x03')<\n\x0b\n\x04\x06\0\x02\x01\x12\x03(\x08A\n\x0c\n\x05\x06\
-    \0\x02\x01\x01\x12\x03(\x0c\x13\n\x0c\n\x05\x06\0\x02\x01\x02\x12\x03(\
-    \x14\x20\n\x0c\n\x05\x06\0\x02\x01\x03\x12\x03(+?b\x06proto3\
-";
-
-static mut file_descriptor_proto_lazy: ::protobuf::lazy::Lazy<::protobuf::descriptor::FileDescriptorProto> = ::protobuf::lazy::Lazy::INIT;
-
-fn parse_descriptor_proto() -> ::protobuf::descriptor::FileDescriptorProto {
-    ::protobuf::parse_from_bytes(file_descriptor_proto_data).unwrap()
-}
-
-pub fn file_descriptor_proto() -> &'static ::protobuf::descriptor::FileDescriptorProto {
-    unsafe {
-        file_descriptor_proto_lazy.get(|| {
-            parse_descriptor_proto()
-        })
-    }
-}
--- a/src/agent/protocols/src/health_ttrpc.rs
+++ b/src/agent/protocols/src/health_ttrpc.rs
@@ -1,90 +0,0 @@
-// This file is generated by ttrpc-compiler 0.3.0. Do not edit
-// @generated
-
-// https://github.com/Manishearth/rust-clippy/issues/702
-#![allow(unknown_lints)]
-#![allow(clipto_camel_casepy)]
-
-#![cfg_attr(rustfmt, rustfmt_skip)]
-
-#![allow(box_pointers)]
-#![allow(dead_code)]
-#![allow(missing_docs)]
-#![allow(non_camel_case_types)]
-#![allow(non_snake_case)]
-#![allow(non_upper_case_globals)]
-#![allow(trivial_casts)]
-#![allow(unsafe_code)]
-#![allow(unused_imports)]
-#![allow(unused_results)]
-use protobuf::{CodedInputStream, CodedOutputStream, Message};
-use std::collections::HashMap;
-use std::sync::Arc;
-
-#[derive(Clone)]
-pub struct HealthClient {
-    client: ::ttrpc::Client,
-}
-
-impl HealthClient {
-    pub fn new(client: ::ttrpc::Client) -> Self {
-        HealthClient {
-            client: client,
-        }
-    }
-
-    pub fn check(&self, req: &super::health::CheckRequest, timeout_nano: i64) -> ::ttrpc::Result<super::health::HealthCheckResponse> {
-        let mut cres = super::health::HealthCheckResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.Health", "Check", cres);
-        Ok(cres)
-    }
-
-    pub fn version(&self, req: &super::health::CheckRequest, timeout_nano: i64) -> ::ttrpc::Result<super::health::VersionCheckResponse> {
-        let mut cres = super::health::VersionCheckResponse::new();
-        ::ttrpc::client_request!(self, req, timeout_nano, "grpc.Health", "Version", cres);
-        Ok(cres)
-    }
-}
-
-struct CheckMethod {
-    service: Arc<std::boxed::Box<dyn Health + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for CheckMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, health, CheckRequest, check);
-        Ok(())
-    }
-}
-
-struct VersionMethod {
-    service: Arc<std::boxed::Box<dyn Health + Send + Sync>>,
-}
-
-impl ::ttrpc::MethodHandler for VersionMethod {
-    fn handler(&self, ctx: ::ttrpc::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<()> {
-        ::ttrpc::request_handler!(self, ctx, req, health, CheckRequest, version);
-        Ok(())
-    }
-}
-
-pub trait Health {
-    fn check(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::health::CheckRequest) -> ::ttrpc::Result<super::health::HealthCheckResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.Health/Check is not supported".to_string())))
-    }
-    fn version(&self, _ctx: &::ttrpc::TtrpcContext, _req: super::health::CheckRequest) -> ::ttrpc::Result<super::health::VersionCheckResponse> {
-        Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/grpc.Health/Version is not supported".to_string())))
-    }
-}
-
-pub fn create_health(service: Arc<std::boxed::Box<dyn Health + Send + Sync>>) -> HashMap <String, Box<dyn ::ttrpc::MethodHandler + Send + Sync>> {
-    let mut methods = HashMap::new();
-
-    methods.insert("/grpc.Health/Check".to_string(),
-                    std::boxed::Box::new(CheckMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods.insert("/grpc.Health/Version".to_string(),
-                    std::boxed::Box::new(VersionMethod{service: service.clone()}) as std::boxed::Box<dyn ::ttrpc::MethodHandler + Send + Sync>);
-
-    methods
-}
--- a/src/agent/protocols/src/lib.rs
+++ b/src/agent/protocols/src/lib.rs
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 #![allow(bare_trait_objects)]
+#![allow(clippy::redundant_field_names)]

 pub mod agent;
 pub mod agent_ttrpc;
@@ -11,11 +12,3 @@ pub mod health;
 pub mod health_ttrpc;
 pub mod oci;
 pub mod types;
-
-#[cfg(test)]
-mod tests {
-    #[test]
-    fn it_works() {
-        assert_eq!(2 + 2, 4);
-    }
-}
--- a/src/agent/protocols/src/oci.rs
+++ b/src/agent/protocols/src/oci.rs
--- a/src/agent/protocols/src/types.rs
+++ b/src/agent/protocols/src/types.rs
--- a/src/agent/rustjail/src/capabilities.rs
+++ b/src/agent/rustjail/src/capabilities.rs
@@ -6,8 +6,6 @@
 // looks like we can use caps to manipulate capabilities
 // conveniently, use caps to do it directly.. maybe

-use lazy_static;
-
 use crate::log_child;
 use crate::sync::write_count;
 use anyhow::{anyhow, Result};
--- a/src/agent/rustjail/src/cgroups/fs/mod.rs
+++ b/src/agent/rustjail/src/cgroups/fs/mod.rs
@@ -21,7 +21,6 @@ use cgroups::{
 use crate::cgroups::Manager as CgroupManager;
 use crate::container::DEFAULT_DEVICES;
 use anyhow::{anyhow, Context, Result};
-use lazy_static;
 use libc::{self, pid_t};
 use nix::errno::Errno;
 use oci::{
@@ -46,18 +45,19 @@ macro_rules! sl {
 }

 pub fn load_or_create<'a>(h: Box<&'a dyn cgroups::Hierarchy>, path: &str) -> Cgroup<'a> {
-    let valid_path = path.trim_start_matches("/").to_string();
+    let valid_path = path.trim_start_matches('/').to_string();
    let cg = load(h.clone(), &valid_path);
-    if cg.is_none() {
-        info!(sl!(), "create new cgroup: {}", &valid_path);
-        cgroups::Cgroup::new(h, valid_path.as_str())
-    } else {
-        cg.unwrap()
+    match cg {
+        Some(cg) => cg,
+        None => {
+            info!(sl!(), "create new cgroup: {}", &valid_path);
+            cgroups::Cgroup::new(h, valid_path.as_str())
+        }
    }
 }

 pub fn load<'a>(h: Box<&'a dyn cgroups::Hierarchy>, path: &str) -> Option<Cgroup<'a>> {
-    let valid_path = path.trim_start_matches("/").to_string();
+    let valid_path = path.trim_start_matches('/').to_string();
    let cg = cgroups::Cgroup::load(h, valid_path.as_str());
    let cpu_controller: &CpuController = cg.controller_of().unwrap();
    if cpu_controller.exists() {
@@ -67,6 +67,15 @@ pub fn load<'a>(h: Box<&'a dyn cgroups::Hierarchy>, path: &str) -> Option<Cgroup
    }
 }

+macro_rules! get_controller_or_return_singular_none {
+    ($cg:ident) => {
+        match $cg.controller_of() {
+            Some(c) => c,
+            None => return SingularPtrField::none(),
+        }
+    };
+}
+
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct Manager {
    pub paths: HashMap<String, String>,
@@ -122,21 +131,21 @@ impl CgroupManager for Manager {

        // set block_io resources
        if let Some(blkio) = &r.block_io {
-            set_block_io_resources(&cg, blkio, res)?;
+            set_block_io_resources(&cg, blkio, res);
        }

        // set hugepages resources
-        if r.hugepage_limits.len() > 0 {
-            set_hugepages_resources(&cg, &r.hugepage_limits, res)?;
+        if !r.hugepage_limits.is_empty() {
+            set_hugepages_resources(&cg, &r.hugepage_limits, res);
        }

        // set network resources
        if let Some(network) = &r.network {
-            set_network_resources(&cg, network, res)?;
+            set_network_resources(&cg, network, res);
        }

        // set devices resources
-        set_devices_resources(&cg, &r.devices, res)?;
+        set_devices_resources(&cg, &r.devices, res);
        info!(sl!(), "resources after processed {:?}", res);

        // apply resources
@@ -210,8 +219,8 @@ impl CgroupManager for Manager {
        let h = cgroups::hierarchies::auto();
        let h = Box::new(&*h);
        let cg = load(h, &self.cpath);
-        if cg.is_some() {
-            cg.unwrap().delete();
+        if let Some(cg) = cg {
+            cg.delete();
        }
        Ok(())
    }
@@ -232,7 +241,7 @@ fn set_network_resources(
    _cg: &cgroups::Cgroup,
    network: &LinuxNetwork,
    res: &mut cgroups::Resources,
-) -> Result<()> {
+) {
    info!(sl!(), "cgroup manager set network");

    // set classid
@@ -254,14 +263,13 @@ fn set_network_resources(

    res.network.update_values = true;
    res.network.priorities = priorities;
-    Ok(())
 }

 fn set_devices_resources(
    _cg: &cgroups::Cgroup,
-    device_resources: &Vec<LinuxDeviceCgroup>,
+    device_resources: &[LinuxDeviceCgroup],
    res: &mut cgroups::Resources,
-) -> Result<()> {
+) {
    info!(sl!(), "cgroup manager set devices");
    let mut devices = vec![];

@@ -285,15 +293,13 @@ fn set_devices_resources(

    res.devices.update_values = true;
    res.devices.devices = devices;
-
-    Ok(())
 }

 fn set_hugepages_resources(
    _cg: &cgroups::Cgroup,
-    hugepage_limits: &Vec<LinuxHugepageLimit>,
+    hugepage_limits: &[LinuxHugepageLimit],
    res: &mut cgroups::Resources,
-) -> Result<()> {
+) {
    info!(sl!(), "cgroup manager set hugepage");
    res.hugepages.update_values = true;
    let mut limits = vec![];
@@ -306,42 +312,26 @@ fn set_hugepages_resources(
        limits.push(hr);
    }
    res.hugepages.limits = limits;
-
-    Ok(())
 }

 fn set_block_io_resources(
-    cg: &cgroups::Cgroup,
+    _cg: &cgroups::Cgroup,
    blkio: &LinuxBlockIO,
    res: &mut cgroups::Resources,
-) -> Result<()> {
+) {
    info!(sl!(), "cgroup manager set block io");
    res.blkio.update_values = true;

-    if cg.v2() {
-        res.blkio.weight = convert_blk_io_to_v2_value(blkio.weight);
-        res.blkio.leaf_weight = convert_blk_io_to_v2_value(blkio.leaf_weight);
-    } else {
-        res.blkio.weight = blkio.weight;
-        res.blkio.leaf_weight = blkio.leaf_weight;
-    }
+    res.blkio.weight = blkio.weight;
+    res.blkio.leaf_weight = blkio.leaf_weight;

    let mut blk_device_resources = vec![];
    for d in blkio.weight_device.iter() {
-        let (w, lw) = if cg.v2() {
-            (
-                convert_blk_io_to_v2_value(blkio.weight),
-                convert_blk_io_to_v2_value(blkio.leaf_weight),
-            )
-        } else {
-            (blkio.weight, blkio.leaf_weight)
-        };
-
        let dr = BlkIoDeviceResource {
            major: d.blk.major as u64,
            minor: d.blk.minor as u64,
-            weight: w,
-            leaf_weight: lw,
+            weight: blkio.weight,
+            leaf_weight: blkio.leaf_weight,
        };
        blk_device_resources.push(dr);
    }
@@ -355,8 +345,6 @@ fn set_block_io_resources(
        build_blk_io_device_throttle_resource(&blkio.throttle_read_iops_device);
    res.blkio.throttle_write_iops_device =
        build_blk_io_device_throttle_resource(&blkio.throttle_write_iops_device);
-
-    Ok(())
 }

 fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> {
@@ -421,13 +409,13 @@ fn set_memory_resources(cg: &cgroups::Cgroup, memory: &LinuxMemory, update: bool
        }
    }

-    if let Some(swapiness) = memory.swapiness {
-        if swapiness >= 0 && swapiness <= 100 {
-            mem_controller.set_swappiness(swapiness as u64)?;
+    if let Some(swappiness) = memory.swappiness {
+        if (0..=100).contains(&swappiness) {
+            mem_controller.set_swappiness(swappiness as u64)?;
        } else {
            return Err(anyhow!(
                "invalid value:{}. valid memory swappiness range is 0-100",
-                swapiness
+                swappiness
            ));
        }
    }
@@ -453,7 +441,7 @@ fn set_pids_resources(cg: &cgroups::Cgroup, pids: &LinuxPids) -> Result<()> {
 }

 fn build_blk_io_device_throttle_resource(
-    input: &Vec<oci::LinuxThrottleDevice>,
+    input: &[oci::LinuxThrottleDevice],
 ) -> Vec<BlkIoDeviceThrottleResource> {
    let mut blk_io_device_throttle_resources = vec![];
    for d in input.iter() {
@@ -605,10 +593,8 @@ lazy_static! {
 }

 fn get_cpu_stats(cg: &cgroups::Cgroup) -> SingularPtrField<ThrottlingData> {
-    let cpu_controller: &CpuController = cg.controller_of().unwrap();
-
+    let cpu_controller: &CpuController = get_controller_or_return_singular_none!(cg);
    let stat = cpu_controller.cpu().stat;
-
    let h = lines_to_map(&stat);

    SingularPtrField::some(ThrottlingData {
@@ -621,27 +607,18 @@ fn get_cpu_stats(cg: &cgroups::Cgroup) -> SingularPtrField<ThrottlingData> {
 }

 fn get_cpuacct_stats(cg: &cgroups::Cgroup) -> SingularPtrField<CpuUsage> {
-    let cpuacct_controller: Option<&CpuAcctController> = cg.controller_of();
-    if cpuacct_controller.is_none() {
-        if cg.v2() {
-            return SingularPtrField::some(CpuUsage {
-                total_usage: 0,
-                percpu_usage: vec![],
-                usage_in_kernelmode: 0,
-                usage_in_usermode: 0,
-                unknown_fields: UnknownFields::default(),
-                cached_size: CachedSize::default(),
-            });
-        }
+    if let Some(cpuacct_controller) = cg.controller_of::<CpuAcctController>() {
+        let cpuacct = cpuacct_controller.cpuacct();

-        // try to get from cpu controller
-        let cpu_controller: &CpuController = cg.controller_of().unwrap();
-        let stat = cpu_controller.cpu().stat;
-        let h = lines_to_map(&stat);
-        let usage_in_usermode = *h.get("user_usec").unwrap();
-        let usage_in_kernelmode = *h.get("system_usec").unwrap();
-        let total_usage = *h.get("usage_usec").unwrap();
-        let percpu_usage = vec![];
+        let h = lines_to_map(&cpuacct.stat);
+        let usage_in_usermode =
+            (((*h.get("user").unwrap() * NANO_PER_SECOND) as f64) / *CLOCK_TICKS) as u64;
+        let usage_in_kernelmode =
+            (((*h.get("system").unwrap() * NANO_PER_SECOND) as f64) / *CLOCK_TICKS) as u64;
+
+        let total_usage = cpuacct.usage;
+
+        let percpu_usage = line_to_vec(&cpuacct.usage_percpu);

        return SingularPtrField::some(CpuUsage {
            total_usage,
@@ -653,18 +630,25 @@ fn get_cpuacct_stats(cg: &cgroups::Cgroup) -> SingularPtrField<CpuUsage> {
        });
    }

-    let cpuacct_controller = cpuacct_controller.unwrap();
-    let cpuacct = cpuacct_controller.cpuacct();
+    if cg.v2() {
+        return SingularPtrField::some(CpuUsage {
+            total_usage: 0,
+            percpu_usage: vec![],
+            usage_in_kernelmode: 0,
+            usage_in_usermode: 0,
+            unknown_fields: UnknownFields::default(),
+            cached_size: CachedSize::default(),
+        });
+    }

-    let h = lines_to_map(&cpuacct.stat);
-    let usage_in_usermode =
-        (((*h.get("user").unwrap() * NANO_PER_SECOND) as f64) / *CLOCK_TICKS) as u64;
-    let usage_in_kernelmode =
-        (((*h.get("system").unwrap() * NANO_PER_SECOND) as f64) / *CLOCK_TICKS) as u64;
-
-    let total_usage = cpuacct.usage;
-
-    let percpu_usage = line_to_vec(&cpuacct.usage_percpu);
+    // try to get from cpu controller
+    let cpu_controller: &CpuController = get_controller_or_return_singular_none!(cg);
+    let stat = cpu_controller.cpu().stat;
+    let h = lines_to_map(&stat);
+    let usage_in_usermode = *h.get("user_usec").unwrap();
+    let usage_in_kernelmode = *h.get("system_usec").unwrap();
+    let total_usage = *h.get("usage_usec").unwrap();
+    let percpu_usage = vec![];

    SingularPtrField::some(CpuUsage {
        total_usage,
@@ -677,7 +661,7 @@ fn get_cpuacct_stats(cg: &cgroups::Cgroup) -> SingularPtrField<CpuUsage> {
 }

 fn get_memory_stats(cg: &cgroups::Cgroup) -> SingularPtrField<MemoryStats> {
-    let memory_controller: &MemController = cg.controller_of().unwrap();
+    let memory_controller: &MemController = get_controller_or_return_singular_none!(cg);

    // cache from memory stat
    let memory = memory_controller.memory_stat();
@@ -685,7 +669,7 @@ fn get_memory_stats(cg: &cgroups::Cgroup) -> SingularPtrField<MemoryStats> {

    // use_hierarchy
    let value = memory.use_hierarchy;
-    let use_hierarchy = if value == 1 { true } else { false };
+    let use_hierarchy = value == 1;

    // gte memory datas
    let usage = SingularPtrField::some(MemoryData {
@@ -734,18 +718,17 @@ fn get_memory_stats(cg: &cgroups::Cgroup) -> SingularPtrField<MemoryStats> {
 }

 fn get_pids_stats(cg: &cgroups::Cgroup) -> SingularPtrField<PidsStats> {
-    let pid_controller: &PidController = cg.controller_of().unwrap();
+    let pid_controller: &PidController = get_controller_or_return_singular_none!(cg);

    let current = pid_controller.get_pid_current().unwrap_or(0);
    let max = pid_controller.get_pid_max();

-    let limit = if max.is_err() {
-        0
-    } else {
-        match max.unwrap() {
+    let limit = match max {
+        Err(_) => 0,
+        Ok(max) => match max {
            MaxValue::Value(v) => v,
            MaxValue::Max => 0,
-        }
+        },
    } as u64;

    SingularPtrField::some(PidsStats {
@@ -788,9 +771,9 @@ https://github.com/opencontainers/runc/blob/a5847db387ae28c0ca4ebe4beee1a76900c8
    Total 0
 */

-fn get_blkio_stat_blkiodata(blkiodata: &Vec<BlkIoData>) -> RepeatedField<BlkioStatsEntry> {
+fn get_blkio_stat_blkiodata(blkiodata: &[BlkIoData]) -> RepeatedField<BlkioStatsEntry> {
    let mut m = RepeatedField::new();
-    if blkiodata.len() == 0 {
+    if blkiodata.is_empty() {
        return m;
    }

@@ -810,10 +793,10 @@ fn get_blkio_stat_blkiodata(blkiodata: &Vec<BlkIoData>) -> RepeatedField<BlkioSt
    m
 }

-fn get_blkio_stat_ioservice(services: &Vec<IoService>) -> RepeatedField<BlkioStatsEntry> {
+fn get_blkio_stat_ioservice(services: &[IoService]) -> RepeatedField<BlkioStatsEntry> {
    let mut m = RepeatedField::new();

-    if services.len() == 0 {
+    if services.is_empty() {
        return m;
    }

@@ -834,14 +817,14 @@ fn build_blkio_stats_entry(major: i16, minor: i16, op: &str, value: u64) -> Blki
        major: major as u64,
        minor: minor as u64,
        op: op.to_string(),
-        value: value,
+        value,
        unknown_fields: UnknownFields::default(),
        cached_size: CachedSize::default(),
    }
 }

 fn get_blkio_stats_v2(cg: &cgroups::Cgroup) -> SingularPtrField<BlkioStats> {
-    let blkio_controller: &BlkIoController = cg.controller_of().unwrap();
+    let blkio_controller: &BlkIoController = get_controller_or_return_singular_none!(cg);
    let blkio = blkio_controller.blkio();

    let mut resp = BlkioStats::new();
@@ -869,13 +852,13 @@ fn get_blkio_stats(cg: &cgroups::Cgroup) -> SingularPtrField<BlkioStats> {
        return get_blkio_stats_v2(&cg);
    }

-    let blkio_controller: &BlkIoController = cg.controller_of().unwrap();
+    let blkio_controller: &BlkIoController = get_controller_or_return_singular_none!(cg);
    let blkio = blkio_controller.blkio();

    let mut m = BlkioStats::new();
    let io_serviced_recursive = blkio.io_serviced_recursive;

-    if io_serviced_recursive.len() == 0 {
+    if io_serviced_recursive.is_empty() {
        // fall back to generic stats
        // blkio.throttle.io_service_bytes,
        // maybe io_service_bytes_recursive?
@@ -930,8 +913,8 @@ fn get_hugetlb_stats(cg: &cgroups::Cgroup) -> HashMap<String, HugetlbStats> {
    h
 }

-pub const PATHS: &'static str = "/proc/self/cgroup";
-pub const MOUNTS: &'static str = "/proc/self/mountinfo";
+pub const PATHS: &str = "/proc/self/cgroup";
+pub const MOUNTS: &str = "/proc/self/mountinfo";

 pub fn get_paths() -> Result<HashMap<String, String>> {
    let mut m = HashMap::new();
@@ -1017,11 +1000,11 @@ impl Manager {
        })
    }

-    pub fn update_cpuset_path(&self, cpuset_cpus: &str) -> Result<()> {
-        if cpuset_cpus == "" {
+    pub fn update_cpuset_path(&self, guest_cpuset: &str, container_cpuset: &str) -> Result<()> {
+        if guest_cpuset.is_empty() {
            return Ok(());
        }
-        info!(sl!(), "update_cpuset_path to: {}", cpuset_cpus);
+        info!(sl!(), "update_cpuset_path to: {}", guest_cpuset);

        let h = cgroups::hierarchies::auto();
        let h = Box::new(&*h);
@@ -1035,8 +1018,8 @@ impl Manager {
        let h = cgroups::hierarchies::auto();
        let h = Box::new(&*h);
        let cg = load_or_create(h, &self.cpath);
-        let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
-        let path = cpuset_controller.path();
+        let container_cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
+        let path = container_cpuset_controller.path();
        let container_path = Path::new(path);
        info!(sl!(), "container cpuset path: {:?}", &path);

@@ -1045,18 +1028,16 @@ impl Manager {
            if ancestor == root_path {
                break;
            }
-            if ancestor != container_path {
-                paths.push(ancestor);
-            }
+            paths.push(ancestor);
        }
-        info!(sl!(), "paths to update cpuset: {:?}", &paths);
+        info!(sl!(), "parent paths to update cpuset: {:?}", &paths);

        let mut i = paths.len();
        loop {
            if i == 0 {
                break;
            }
-            i = i - 1;
+            i -= 1;
            let h = cgroups::hierarchies::auto();
            let h = Box::new(&*h);

@@ -1065,10 +1046,20 @@ impl Manager {
                .to_str()
                .unwrap()
                .trim_start_matches(root_path.to_str().unwrap());
-            info!(sl!(), "updating cpuset for path {:?}", &r_path);
+            info!(sl!(), "updating cpuset for parent path {:?}", &r_path);
            let cg = load_or_create(h, &r_path);
            let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
-            cpuset_controller.set_cpus(cpuset_cpus)?;
+            cpuset_controller.set_cpus(guest_cpuset)?;
+        }
+
+        if !container_cpuset.is_empty() {
+            info!(
+                sl!(),
+                "updating cpuset for container path: {:?} cpuset: {}",
+                &container_path,
+                container_cpuset
+            );
+            container_cpuset_controller.set_cpus(container_cpuset)?;
        }

        Ok(())
@@ -1144,20 +1135,6 @@ fn convert_memory_swap_to_v2_value(memory_swap: i64, memory: i64) -> Result<i64>
    Ok(memory_swap - memory)
 }

-// Since the OCI spec is designed for cgroup v1, in some cases
-// there is need to convert from the cgroup v1 configuration to cgroup v2
-// the formula for BlkIOWeight is y = (1 + (x - 10) * 9999 / 990)
-// convert linearly from [10-1000] to [1-10000]
-// https://github.com/opencontainers/runc/blob/a5847db387ae28c0ca4ebe4beee1a76900c86414/libcontainer/cgroups/utils.go#L382
-fn convert_blk_io_to_v2_value(blk_io_weight: Option<u16>) -> Option<u16> {
-    let v = blk_io_weight.unwrap_or(0);
-    if v != 0 {
-        return None;
-    }
-
-    Some(1 + (v - 10) * 9999 / 990 as u16)
-}
-
 #[cfg(test)]
 mod tests {
    use super::*;
--- a/src/agent/rustjail/src/cgroups/mock.rs
+++ b/src/agent/rustjail/src/cgroups/mock.rs
@@ -0,0 +1,74 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+use protobuf::{CachedSize, SingularPtrField, UnknownFields};
+
+use crate::cgroups::Manager as CgroupManager;
+use crate::protocols::agent::{BlkioStats, CgroupStats, CpuStats, MemoryStats, PidsStats};
+use anyhow::Result;
+use cgroups::freezer::FreezerState;
+use libc::{self, pid_t};
+use oci::LinuxResources;
+use std::collections::HashMap;
+use std::string::String;
+
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub struct Manager {
+    pub paths: HashMap<String, String>,
+    pub mounts: HashMap<String, String>,
+    pub cpath: String,
+}
+
+impl CgroupManager for Manager {
+    fn apply(&self, _: pid_t) -> Result<()> {
+        Ok(())
+    }
+
+    fn set(&self, _: &LinuxResources, _: bool) -> Result<()> {
+        Ok(())
+    }
+
+    fn get_stats(&self) -> Result<CgroupStats> {
+        Ok(CgroupStats {
+            cpu_stats: SingularPtrField::some(CpuStats::default()),
+            memory_stats: SingularPtrField::some(MemoryStats::new()),
+            pids_stats: SingularPtrField::some(PidsStats::new()),
+            blkio_stats: SingularPtrField::some(BlkioStats::new()),
+            hugetlb_stats: HashMap::new(),
+            unknown_fields: UnknownFields::default(),
+            cached_size: CachedSize::default(),
+        })
+    }
+
+    fn freeze(&self, _: FreezerState) -> Result<()> {
+        Ok(())
+    }
+
+    fn destroy(&mut self) -> Result<()> {
+        Ok(())
+    }
+
+    fn get_pids(&self) -> Result<Vec<pid_t>> {
+        Ok(Vec::new())
+    }
+}
+
+impl Manager {
+    pub fn new(cpath: &str) -> Result<Self> {
+        Ok(Self {
+            paths: HashMap::new(),
+            mounts: HashMap::new(),
+            cpath: cpath.to_string(),
+        })
+    }
+
+    pub fn update_cpuset_path(&self, _: &str, _: &str) -> Result<()> {
+        Ok(())
+    }
+
+    pub fn get_cg_path(&self, _: &str) -> Option<String> {
+        Some("".to_string())
+    }
+}
--- a/src/agent/rustjail/src/cgroups/notifier.rs
+++ b/src/agent/rustjail/src/cgroups/notifier.rs
@@ -41,7 +41,7 @@ fn get_value_from_cgroup(path: &PathBuf, key: &str) -> Result<i64> {
    );

    for line in content.lines() {
-        let arr: Vec<&str> = line.split(" ").collect();
+        let arr: Vec<&str> = line.split(' ').collect();
        if arr.len() == 2 && arr[0] == key {
            let r = arr[1].parse::<i64>()?;
            return Ok(r);
@@ -130,7 +130,7 @@ fn register_memory_event_v2(
 // notify_on_oom returns channel on which you can expect event about OOM,
 // if process died without OOM this channel will be closed.
 fn notify_on_oom(cid: &str, dir: String) -> Result<Receiver<String>> {
-    if dir == "" {
+    if dir.is_empty() {
        return Err(anyhow!("memory controller missing"));
    }

@@ -139,7 +139,7 @@ fn notify_on_oom(cid: &str, dir: String) -> Result<Receiver<String>> {

 // level is one of "low", "medium", or "critical"
 fn notify_memory_pressure(cid: &str, dir: String, level: &str) -> Result<Receiver<String>> {
-    if dir == "" {
+    if dir.is_empty() {
        return Err(anyhow!("memory controller missing"));
    }

@@ -163,7 +163,7 @@ fn register_memory_event(

    let event_control_path = Path::new(&cg_dir).join("cgroup.event_control");
    let data;
-    if arg == "" {
+    if arg.is_empty() {
        data = format!("{} {}", eventfd, event_file.as_raw_fd());
    } else {
        data = format!("{} {} {}", eventfd, event_file.as_raw_fd(), arg);
--- a/src/agent/rustjail/src/container.rs
+++ b/src/agent/rustjail/src/container.rs
@@ -4,15 +4,11 @@
 //

 use anyhow::{anyhow, Context, Result};
-use dirs;
-use lazy_static;
 use libc::pid_t;
+use oci::{ContainerState, LinuxDevice, LinuxIDMapping};
 use oci::{Hook, Linux, LinuxNamespace, LinuxResources, POSIXRlimit, Spec};
-use oci::{LinuxDevice, LinuxIDMapping};
-use serde_json;
 use std::clone::Clone;
 use std::ffi::{CStr, CString};
-use std::fmt;
 use std::fmt::Display;
 use std::fs;
 use std::os::unix::io::RawFd;
@@ -43,7 +39,6 @@ use nix::sys::signal::{self, Signal};
 use nix::sys::stat::{self, Mode};
 use nix::unistd::{self, ForkResult, Gid, Pid, Uid};

-use libc;
 use protobuf::SingularPtrField;

 use oci::State as OCIState;
@@ -54,9 +49,9 @@ use std::os::unix::io::FromRawFd;

 use slog::{info, o, Logger};

-const STATE_FILENAME: &'static str = "state.json";
-const EXEC_FIFO_FILENAME: &'static str = "exec.fifo";
-const VER_MARKER: &'static str = "1.2.5";
+const STATE_FILENAME: &str = "state.json";
+const EXEC_FIFO_FILENAME: &str = "exec.fifo";
+const VER_MARKER: &str = "1.2.5";
 const PID_NS_PATH: &str = "/proc/self/ns/pid";

 const INIT: &str = "INIT";
@@ -67,37 +62,29 @@ const CLOG_FD: &str = "CLOG_FD";
 const FIFO_FD: &str = "FIFO_FD";
 const HOME_ENV_KEY: &str = "HOME";

-#[derive(PartialEq, Clone, Copy)]
-pub enum Status {
-    CREATED,
-    RUNNING,
-    STOPPED,
-    PAUSED,
-}
-
 #[derive(Debug)]
 pub struct ContainerStatus {
-    pre_status: Status,
-    cur_status: Status,
+    pre_status: ContainerState,
+    cur_status: ContainerState,
 }

 impl ContainerStatus {
    fn new() -> Self {
        ContainerStatus {
-            pre_status: Status::CREATED,
-            cur_status: Status::CREATED,
+            pre_status: ContainerState::CREATED,
+            cur_status: ContainerState::CREATED,
        }
    }

-    fn status(&self) -> Status {
+    fn status(&self) -> ContainerState {
        self.cur_status
    }

-    fn pre_status(&self) -> Status {
+    fn pre_status(&self) -> ContainerState {
        self.pre_status
    }

-    fn transition(&mut self, to: Status) {
+    fn transition(&mut self, to: ContainerState) {
        self.pre_status = self.status();
        self.cur_status = to;
    }
@@ -106,17 +93,6 @@ impl ContainerStatus {
 pub type Config = CreateOpts;
 type NamespaceType = String;

-impl fmt::Debug for Status {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        match self {
-            Status::CREATED => write!(f, "{:?}", "created"),
-            Status::RUNNING => write!(f, "{:?}", "running"),
-            Status::STOPPED => write!(f, "{:?}", "stopped"),
-            Status::PAUSED => write!(f, "{:?}", "paused"),
-        }
-    }
-}
-
 lazy_static! {
    static ref NAMESPACES: HashMap<&'static str, CloneFlags> = {
        let mut m = HashMap::new();
@@ -215,7 +191,7 @@ pub struct BaseState {

 pub trait BaseContainer {
    fn id(&self) -> String;
-    fn status(&self) -> Status;
+    fn status(&self) -> ContainerState;
    fn state(&self) -> Result<State>;
    fn oci_state(&self) -> Result<OCIState>;
    fn config(&self) -> Result<&Config>;
@@ -279,7 +255,7 @@ pub trait Container: BaseContainer {
 impl Container for LinuxContainer {
    fn pause(&mut self) -> Result<()> {
        let status = self.status();
-        if status != Status::RUNNING && status != Status::CREATED {
+        if status != ContainerState::RUNNING && status != ContainerState::CREATED {
            return Err(anyhow!(
                "failed to pause container: current status is: {:?}",
                status
@@ -292,7 +268,7 @@ impl Container for LinuxContainer {
                .unwrap()
                .freeze(FreezerState::Frozen)?;

-            self.status.transition(Status::PAUSED);
+            self.status.transition(ContainerState::PAUSED);
            return Ok(());
        }
        Err(anyhow!("failed to get container's cgroup manager"))
@@ -300,7 +276,7 @@ impl Container for LinuxContainer {

    fn resume(&mut self) -> Result<()> {
        let status = self.status();
-        if status != Status::PAUSED {
+        if status != ContainerState::PAUSED {
            return Err(anyhow!("container status is: {:?}, not paused", status));
        }

@@ -310,7 +286,7 @@ impl Container for LinuxContainer {
                .unwrap()
                .freeze(FreezerState::Thawed)?;

-            self.status.transition(Status::RUNNING);
+            self.status.transition(ContainerState::RUNNING);
            return Ok(());
        }
        Err(anyhow!("failed to get container's cgroup manager"))
@@ -551,7 +527,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {

    setid(uid, gid)?;

-    if guser.additional_gids.len() > 0 {
+    if !guser.additional_gids.is_empty() {
        setgroups(guser.additional_gids.as_slice()).map_err(|e| {
            let _ = write_sync(
                cwfd,
@@ -595,7 +571,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {

    // setup the envs
    for e in env.iter() {
-        let v: Vec<&str> = e.splitn(2, "=").collect();
+        let v: Vec<&str> = e.splitn(2, '=').collect();
        if v.len() != 2 {
            continue;
        }
@@ -648,7 +624,7 @@ impl BaseContainer for LinuxContainer {
        self.id.clone()
    }

-    fn status(&self) -> Status {
+    fn status(&self) -> ContainerState {
        self.status.status()
    }

@@ -659,7 +635,7 @@ impl BaseContainer for LinuxContainer {
    fn oci_state(&self) -> Result<OCIState> {
        let oci = self.config.spec.as_ref().unwrap();
        let status = self.status();
-        let pid = if status != Status::STOPPED {
+        let pid = if status != ContainerState::STOPPED {
            self.init_process_pid
        } else {
            0
@@ -671,7 +647,7 @@ impl BaseContainer for LinuxContainer {
        Ok(OCIState {
            version: oci.version.clone(),
            id: self.id(),
-            status: format!("{:?}", status),
+            status,
            pid,
            bundle,
            annotations: oci.annotations.clone(),
@@ -731,7 +707,7 @@ impl BaseContainer for LinuxContainer {
        info!(logger, "enter container.start!");
        let mut fifofd: RawFd = -1;
        if p.init {
-            if let Ok(_) = stat::stat(fifo_file.as_str()) {
+            if stat::stat(fifo_file.as_str()).is_ok() {
                return Err(anyhow!("exec fifo exists"));
            }
            unistd::mkfifo(fifo_file.as_str(), Mode::from_bits(0o622).unwrap())?;
@@ -754,8 +730,6 @@ impl BaseContainer for LinuxContainer {
        }
        let linux = spec.linux.as_ref().unwrap();

-        let st = self.oci_state()?;
-
        let (pfd_log, cfd_log) = unistd::pipe().context("failed to create pipe")?;

        let _ = fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))
@@ -885,6 +859,8 @@ impl BaseContainer for LinuxContainer {

        info!(logger, "child pid: {}", p.pid);

+        let st = self.oci_state()?;
+
        join_namespaces(
            &logger,
            &spec,
@@ -931,7 +907,7 @@ impl BaseContainer for LinuxContainer {
            .join()
            .map_err(|e| warn!(logger, "joining log handler {:?}", e));
        info!(logger, "create process completed");
-        return Ok(());
+        Ok(())
    }

    fn run(&mut self, p: Process) -> Result<()> {
@@ -940,7 +916,7 @@ impl BaseContainer for LinuxContainer {

        if init {
            self.exec()?;
-            self.status.transition(Status::RUNNING);
+            self.status.transition(ContainerState::RUNNING);
        }

        Ok(())
@@ -962,12 +938,16 @@ impl BaseContainer for LinuxContainer {
            }
        }

-        self.status.transition(Status::STOPPED);
+        self.status.transition(ContainerState::STOPPED);
        nix::mount::umount2(
            spec.root.as_ref().unwrap().path.as_str(),
            MntFlags::MNT_DETACH,
        )?;
        fs::remove_dir_all(&self.root)?;
+
+        if let Some(cgm) = self.cgroup_manager.as_mut() {
+            cgm.destroy().context("destroy cgroups")?;
+        }
        Ok(())
    }

@@ -994,7 +974,7 @@ impl BaseContainer for LinuxContainer {
            .unwrap()
            .as_secs();

-        self.status.transition(Status::RUNNING);
+        self.status.transition(ContainerState::RUNNING);
        unistd::close(fd)?;

        Ok(())
@@ -1056,7 +1036,7 @@ fn update_namespaces(logger: &Logger, spec: &mut Spec, init_pid: RawFd) -> Resul
                TYPETONAME.get(namespace.r#type.as_str()).unwrap()
            );

-            if namespace.path == "" {
+            if namespace.path.is_empty() {
                namespace.path = ns_path;
            }
        }
@@ -1068,7 +1048,7 @@ fn update_namespaces(logger: &Logger, spec: &mut Spec, init_pid: RawFd) -> Resul
 fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<Option<RawFd>> {
    for ns in &linux.namespaces {
        if ns.r#type == "pid" {
-            if ns.path == "" {
+            if ns.path.is_empty() {
                return Ok(None);
            }

@@ -1096,7 +1076,7 @@ fn is_userns_enabled(linux: &Linux) -> bool {
    linux
        .namespaces
        .iter()
-        .any(|ns| ns.r#type == "user" && ns.path == "")
+        .any(|ns| ns.r#type == "user" && ns.path.is_empty())
 }

 fn get_namespaces(linux: &Linux) -> Vec<LinuxNamespace> {
@@ -1164,11 +1144,9 @@ fn join_namespaces(
    }

    // apply cgroups
-    if p.init {
-        if res.is_some() {
-            info!(logger, "apply cgroups!");
-            cm.set(res.unwrap(), false)?;
-        }
+    if p.init && res.is_some() {
+        info!(logger, "apply cgroups!");
+        cm.set(res.unwrap(), false)?;
    }

    if res.is_some() {
@@ -1464,7 +1442,7 @@ fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
                }
            }

-            return Ok(());
+            Ok(())
        }

        ForkResult::Child => {
@@ -1567,13 +1545,11 @@ fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
                            error
                        }
                    }
+                } else if let Ok(s) = rx.recv() {
+                    s
                } else {
-                    if let Ok(s) = rx.recv() {
-                        s
-                    } else {
-                        let _ = signal::kill(Pid::from_raw(pid), Some(Signal::SIGKILL));
-                        -libc::EPIPE
-                    }
+                    let _ = signal::kill(Pid::from_raw(pid), Some(Signal::SIGKILL));
+                    -libc::EPIPE
                }
            };

@@ -1591,15 +1567,22 @@ fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
 #[cfg(test)]
 mod tests {
    use super::*;
+    use tempfile::tempdir;
+
+    macro_rules! sl {
+        () => {
+            slog_scope::logger()
+        };
+    }

    #[test]
    fn test_status_transtition() {
        let mut status = ContainerStatus::new();
-        let status_table: [Status; 4] = [
-            Status::CREATED,
-            Status::RUNNING,
-            Status::PAUSED,
-            Status::STOPPED,
+        let status_table: [ContainerState; 4] = [
+            ContainerState::CREATED,
+            ContainerState::RUNNING,
+            ContainerState::PAUSED,
+            ContainerState::STOPPED,
        ];

        for s in status_table.iter() {
@@ -1609,4 +1592,96 @@ mod tests {
            assert_eq!(pre_status, status.pre_status());
        }
    }
+
+    #[test]
+    fn test_namespaces() {
+        lazy_static::initialize(&NAMESPACES);
+        assert_eq!(NAMESPACES.len(), 7);
+
+        let ns = NAMESPACES.get("user");
+        assert!(ns.is_some());
+
+        let ns = NAMESPACES.get("ipc");
+        assert!(ns.is_some());
+
+        let ns = NAMESPACES.get("pid");
+        assert!(ns.is_some());
+
+        let ns = NAMESPACES.get("network");
+        assert!(ns.is_some());
+
+        let ns = NAMESPACES.get("mount");
+        assert!(ns.is_some());
+
+        let ns = NAMESPACES.get("uts");
+        assert!(ns.is_some());
+
+        let ns = NAMESPACES.get("cgroup");
+        assert!(ns.is_some());
+    }
+
+    #[test]
+    fn test_typetoname() {
+        lazy_static::initialize(&TYPETONAME);
+        assert_eq!(TYPETONAME.len(), 7);
+
+        let ns = TYPETONAME.get("user");
+        assert!(ns.is_some());
+
+        let ns = TYPETONAME.get("ipc");
+        assert!(ns.is_some());
+
+        let ns = TYPETONAME.get("pid");
+        assert!(ns.is_some());
+
+        let ns = TYPETONAME.get("network");
+        assert!(ns.is_some());
+
+        let ns = TYPETONAME.get("mount");
+        assert!(ns.is_some());
+
+        let ns = TYPETONAME.get("uts");
+        assert!(ns.is_some());
+
+        let ns = TYPETONAME.get("cgroup");
+        assert!(ns.is_some());
+    }
+
+    fn create_dummy_opts() -> CreateOpts {
+        let mut root = oci::Root::default();
+        root.path = "/tmp".to_string();
+
+        let linux = Linux::default();
+        let mut spec = Spec::default();
+        spec.root = Some(root).into();
+        spec.linux = Some(linux).into();
+
+        CreateOpts {
+            cgroup_name: "".to_string(),
+            use_systemd_cgroup: false,
+            no_pivot_root: false,
+            no_new_keyring: false,
+            spec: Some(spec),
+            rootless_euid: false,
+            rootless_cgroup: false,
+        }
+    }
+
+    fn new_linux_container() -> (Result<LinuxContainer>, tempfile::TempDir) {
+        // Create a temporal directory
+        let dir = tempdir()
+            .map_err(|e| anyhow!(e).context("tempdir failed"))
+            .unwrap();
+
+        // Create a new container
+        (
+            LinuxContainer::new(
+                "some_id",
+                &dir.path().join("rootfs").to_str().unwrap(),
+                create_dummy_opts(),
+                &slog_scope::logger(),
+            ),
+            dir,
+        )
+    }
 }
--- a/src/agent/rustjail/src/lib.rs
+++ b/src/agent/rustjail/src/lib.rs
@@ -309,7 +309,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
            swap: Some(mem.Swap),
            kernel: Some(mem.Kernel),
            kernel_tcp: Some(mem.KernelTCP),
-            swapiness: Some(mem.Swappiness as i64),
+            swappiness: Some(mem.Swappiness as i64),
            disable_oom_killer: Some(mem.DisableOOMKiller),
        })
    } else {
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 //

-use anyhow::{anyhow, bail, Context, Error, Result};
+use anyhow::{anyhow, bail, Context, Result};
 use libc::uid_t;
 use nix::errno::Errno;
 use nix::fcntl::{self, OFlag};
@@ -22,13 +22,11 @@ use std::os::unix::io::RawFd;
 use std::path::{Path, PathBuf};

 use path_absolutize::*;
-use scan_fmt;
 use std::fs::File;
 use std::io::{BufRead, BufReader};

 use crate::container::DEFAULT_DEVICES;
 use crate::sync::write_count;
-use lazy_static;
 use std::string::ToString;

 use crate::log_child;
@@ -50,7 +48,7 @@ pub struct Info {
    vfs_opts: String,
 }

-const MOUNTINFOFORMAT: &'static str = "{d} {d} {d}:{d} {} {} {} {}";
+const MOUNTINFOFORMAT: &str = "{d} {d} {d}:{d} {} {} {} {}";
 const PROC_PATH: &str = "/proc";

 // since libc didn't defined this const for musl, thus redefined it here.
@@ -153,7 +151,7 @@ pub fn init_rootfs(
    let linux = &spec
        .linux
        .as_ref()
-        .ok_or::<Error>(anyhow!("Could not get linux configuration from spec"))?;
+        .ok_or_else(|| anyhow!("Could not get linux configuration from spec"))?;

    let mut flags = MsFlags::MS_REC;
    match PROPAGATION.get(&linux.rootfs_propagation.as_str()) {
@@ -164,14 +162,14 @@ pub fn init_rootfs(
    let root = spec
        .root
        .as_ref()
-        .ok_or(anyhow!("Could not get rootfs path from spec"))
+        .ok_or_else(|| anyhow!("Could not get rootfs path from spec"))
        .and_then(|r| {
            fs::canonicalize(r.path.as_str()).context("Could not canonicalize rootfs path")
        })?;

    let rootfs = (*root)
        .to_str()
-        .ok_or(anyhow!("Could not convert rootfs path to string"))?;
+        .ok_or_else(|| anyhow!("Could not convert rootfs path to string"))?;

    mount(None::<&str>, "/", None::<&str>, flags, None::<&str>)?;

@@ -185,9 +183,10 @@ pub fn init_rootfs(
        None::<&str>,
    )?;

+    let mut bind_mount_dev = false;
    for m in &spec.mounts {
        let (mut flags, data) = parse_mount(&m);
-        if !m.destination.starts_with("/") || m.destination.contains("..") {
+        if !m.destination.starts_with('/') || m.destination.contains("..") {
            return Err(anyhow!(
                "the mount destination {} is invalid",
                m.destination
@@ -198,6 +197,9 @@ pub fn init_rootfs(
            mount_cgroups(cfd_log, &m, rootfs, flags, &data, cpath, mounts)?;
        } else {
            if m.destination == "/dev" {
+                if m.r#type == "bind" {
+                    bind_mount_dev = true;
+                }
                flags &= !MsFlags::MS_RDONLY;
            }

@@ -228,7 +230,7 @@ pub fn init_rootfs(
            if m.r#type == "bind" {
                for o in &m.options {
                    if let Some(fl) = PROPAGATION.get(o.as_str()) {
-                        let dest = format!("{}{}", &rootfs, &m.destination);
+                        let dest = secure_join(rootfs, &m.destination);
                        mount(None::<&str>, dest.as_str(), None::<&str>, *fl, None::<&str>)?;
                    }
                }
@@ -239,9 +241,14 @@ pub fn init_rootfs(
    let olddir = unistd::getcwd()?;
    unistd::chdir(rootfs)?;

-    default_symlinks()?;
-    create_devices(&linux.devices, bind_device)?;
-    ensure_ptmx()?;
+    // in case the /dev directory was binded mount from guest,
+    // then there's no need to create devices nodes and symlinks
+    // in /dev.
+    if !bind_mount_dev {
+        default_symlinks()?;
+        create_devices(&linux.devices, bind_device)?;
+        ensure_ptmx()?;
+    }

    unistd::chdir(&olddir)?;

@@ -273,9 +280,9 @@ fn check_proc_mount(m: &Mount) -> Result<()> {
        // only allow a mount on-top of proc if it's source is "proc"
        unsafe {
            let mut stats = MaybeUninit::<libc::statfs>::uninit();
-            if let Ok(_) = m
-                .source
+            if m.source
                .with_nix_path(|path| libc::statfs(path.as_ptr(), stats.as_mut_ptr()))
+                .is_ok()
            {
                if stats.assume_init().f_type == PROC_SUPER_MAGIC {
                    return Ok(());
@@ -298,7 +305,7 @@ fn check_proc_mount(m: &Mount) -> Result<()> {
        )));
    }

-    return Ok(());
+    Ok(())
 }

 fn mount_cgroups_v2(cfd_log: RawFd, m: &Mount, rootfs: &str, flags: MsFlags) -> Result<()> {
@@ -586,15 +593,14 @@ pub fn ms_move_root(rootfs: &str) -> Result<bool> {
    let abs_root_buf = root_path.absolutize()?;
    let abs_root = abs_root_buf
        .to_str()
-        .ok_or::<Error>(anyhow!("failed to parse {} to absolute path", rootfs))?;
+        .ok_or_else(|| anyhow!("failed to parse {} to absolute path", rootfs))?;

    for info in mount_infos.iter() {
        let mount_point = Path::new(&info.mount_point);
        let abs_mount_buf = mount_point.absolutize()?;
-        let abs_mount_point = abs_mount_buf.to_str().ok_or::<Error>(anyhow!(
-            "failed to parse {} to absolute path",
-            info.mount_point
-        ))?;
+        let abs_mount_point = abs_mount_buf
+            .to_str()
+            .ok_or_else(|| anyhow!("failed to parse {} to absolute path", info.mount_point))?;
        let abs_mount_point_string = String::from(abs_mount_point);

        // Umount every syfs and proc file systems, except those under the container rootfs
@@ -666,6 +672,52 @@ fn parse_mount(m: &Mount) -> (MsFlags, String) {
    (flags, data.join(","))
 }

+// This function constructs a canonicalized path by combining the `rootfs` and `unsafe_path` elements.
+// The resulting path is guaranteed to be ("below" / "in a directory under") the `rootfs` directory.
+//
+// Parameters:
+//
+// - `rootfs` is the absolute path to the root of the containers root filesystem directory.
+// - `unsafe_path` is path inside a container. It is unsafe since it may try to "escape" from the containers
+//    rootfs by using one or more "../" path elements or is its a symlink to path.
+fn secure_join(rootfs: &str, unsafe_path: &str) -> String {
+    let mut path = PathBuf::from(format!("{}/", rootfs));
+    let unsafe_p = Path::new(&unsafe_path);
+
+    for it in unsafe_p.iter() {
+        let it_p = Path::new(&it);
+
+        // if it_p leads with "/", path.push(it) will be replace as it, so ignore "/"
+        if it_p.has_root() {
+            continue;
+        };
+
+        path.push(it);
+        if let Ok(v) = path.read_link() {
+            if v.is_absolute() {
+                path = PathBuf::from(format!("{}{}", rootfs, v.to_str().unwrap().to_string()));
+            } else {
+                path.pop();
+                for it in v.iter() {
+                    path.push(it);
+                    if path.exists() {
+                        path = path.canonicalize().unwrap();
+                        if !path.starts_with(rootfs) {
+                            path = PathBuf::from(rootfs.to_string());
+                        }
+                    }
+                }
+            }
+        }
+        // skip any ".."
+        if path.ends_with("..") {
+            path.pop();
+        }
+    }
+
+    path.to_str().unwrap().to_string()
+}
+
 fn mount_from(
    cfd_log: RawFd,
    m: &Mount,
@@ -675,7 +727,7 @@ fn mount_from(
    _label: &str,
 ) -> Result<()> {
    let d = String::from(data);
-    let dest = format!("{}{}", rootfs, &m.destination);
+    let dest = secure_join(rootfs, &m.destination);

    let src = if m.r#type.as_str() == "bind" {
        let src = fs::canonicalize(m.source.as_str())?;
@@ -755,7 +807,7 @@ fn mount_from(
    Ok(())
 }

-static SYMLINKS: &'static [(&'static str, &'static str)] = &[
+static SYMLINKS: &[(&str, &str)] = &[
    ("/proc/self/fd", "dev/fd"),
    ("/proc/self/fd/0", "dev/stdin"),
    ("/proc/self/fd/1", "dev/stdout"),
@@ -888,7 +940,7 @@ pub fn finish_rootfs(cfd_log: RawFd, spec: &Spec) -> Result<()> {
 }

 fn mask_path(path: &str) -> Result<()> {
-    if !path.starts_with("/") || path.contains("..") {
+    if !path.starts_with('/') || path.contains("..") {
        return Err(nix::Error::Sys(Errno::EINVAL).into());
    }

@@ -917,7 +969,7 @@ fn mask_path(path: &str) -> Result<()> {
 }

 fn readonly_path(path: &str) -> Result<()> {
-    if !path.starts_with("/") || path.contains("..") {
+    if !path.starts_with('/') || path.contains("..") {
        return Err(nix::Error::Sys(Errno::EINVAL).into());
    }

@@ -959,6 +1011,10 @@ fn readonly_path(path: &str) -> Result<()> {
 mod tests {
    use super::*;
    use crate::skip_if_not_root;
+    use std::fs::create_dir;
+    use std::fs::create_dir_all;
+    use std::fs::remove_dir_all;
+    use std::os::unix::fs;
    use std::os::unix::io::AsRawFd;
    use tempfile::tempdir;

@@ -988,7 +1044,7 @@ mod tests {
        );

        let rootfs = tempdir().unwrap();
-        let ret = fs::create_dir(rootfs.path().join("dev"));
+        let ret = create_dir(rootfs.path().join("dev"));
        assert!(ret.is_ok(), "Got: {:?}", ret);

        spec.root = Some(oci::Root {
@@ -999,8 +1055,8 @@ mod tests {
        // there is no spec.mounts, but should pass
        let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true);
        assert!(ret.is_ok(), "Should pass. Got: {:?}", ret);
-        let _ = fs::remove_dir_all(rootfs.path().join("dev"));
-        let _ = fs::create_dir(rootfs.path().join("dev"));
+        let _ = remove_dir_all(rootfs.path().join("dev"));
+        let _ = create_dir(rootfs.path().join("dev"));

        // Adding bad mount point to spec.mounts
        spec.mounts.push(oci::Mount {
@@ -1018,8 +1074,8 @@ mod tests {
            ret
        );
        spec.mounts.pop();
-        let _ = fs::remove_dir_all(rootfs.path().join("dev"));
-        let _ = fs::create_dir(rootfs.path().join("dev"));
+        let _ = remove_dir_all(rootfs.path().join("dev"));
+        let _ = create_dir(rootfs.path().join("dev"));

        // mounting a cgroup
        spec.mounts.push(oci::Mount {
@@ -1032,8 +1088,8 @@ mod tests {
        let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true);
        assert!(ret.is_ok(), "Should pass. Got: {:?}", ret);
        spec.mounts.pop();
-        let _ = fs::remove_dir_all(rootfs.path().join("dev"));
-        let _ = fs::create_dir(rootfs.path().join("dev"));
+        let _ = remove_dir_all(rootfs.path().join("dev"));
+        let _ = create_dir(rootfs.path().join("dev"));

        // mounting /dev
        spec.mounts.push(oci::Mount {
@@ -1070,11 +1126,11 @@ mod tests {
        cgroup_mounts.insert("cpu".to_string(), "cpu".to_string());
        cgroup_mounts.insert("memory".to_string(), "memory".to_string());

-        let ret = fs::create_dir_all(tempdir.path().join("cgroups"));
+        let ret = create_dir_all(tempdir.path().join("cgroups"));
        assert!(ret.is_ok(), "Should pass. Got {:?}", ret);
-        let ret = fs::create_dir_all(tempdir.path().join("cpu"));
+        let ret = create_dir_all(tempdir.path().join("cpu"));
        assert!(ret.is_ok(), "Should pass. Got {:?}", ret);
-        let ret = fs::create_dir_all(tempdir.path().join("memory"));
+        let ret = create_dir_all(tempdir.path().join("memory"));
        assert!(ret.is_ok(), "Should pass. Got {:?}", ret);

        let ret = mount_cgroups(
@@ -1222,4 +1278,89 @@ mod tests {

        assert!(check_proc_mount(&mount).is_err());
    }
+
+    #[test]
+    fn test_secure_join() {
+        #[derive(Debug)]
+        struct TestData<'a> {
+            name: &'a str,
+            rootfs: &'a str,
+            unsafe_path: &'a str,
+            symlink_path: &'a str,
+            result: &'a str,
+        }
+
+        // create tempory directory to simulate container rootfs with symlink
+        let rootfs_dir = tempdir().expect("failed to create tmpdir");
+        let rootfs_path = rootfs_dir.path().to_str().unwrap();
+
+        let tests = &[
+            TestData {
+                name: "rootfs_not_exist",
+                rootfs: "/home/rootfs",
+                unsafe_path: "a/b/c",
+                symlink_path: "",
+                result: "/home/rootfs/a/b/c",
+            },
+            TestData {
+                name: "relative_path",
+                rootfs: "/home/rootfs",
+                unsafe_path: "../../../a/b/c",
+                symlink_path: "",
+                result: "/home/rootfs/a/b/c",
+            },
+            TestData {
+                name: "skip any ..",
+                rootfs: "/home/rootfs",
+                unsafe_path: "../../../a/../../b/../../c",
+                symlink_path: "",
+                result: "/home/rootfs/a/b/c",
+            },
+            TestData {
+                name: "rootfs is null",
+                rootfs: "",
+                unsafe_path: "",
+                symlink_path: "",
+                result: "/",
+            },
+            TestData {
+                name: "relative softlink beyond container rootfs",
+                rootfs: rootfs_path,
+                unsafe_path: "1",
+                symlink_path: "../../../",
+                result: rootfs_path,
+            },
+            TestData {
+                name: "abs softlink points to the non-exist directory",
+                rootfs: rootfs_path,
+                unsafe_path: "2",
+                symlink_path: "/dddd",
+                result: &format!("{}/dddd", rootfs_path).as_str().to_owned(),
+            },
+            TestData {
+                name: "abs softlink points to the root",
+                rootfs: rootfs_path,
+                unsafe_path: "3",
+                symlink_path: "/",
+                result: &format!("{}/", rootfs_path).as_str().to_owned(),
+            },
+        ];
+
+        for (i, t) in tests.iter().enumerate() {
+            // Create a string containing details of the test
+            let msg = format!("test[{}]: {:?}", i, t);
+
+            // if is_symlink, then should be prepare the softlink environment
+            if t.symlink_path != "" {
+                fs::symlink(t.symlink_path, format!("{}/{}", t.rootfs, t.unsafe_path)).unwrap();
+            }
+            let result = secure_join(t.rootfs, t.unsafe_path);
+
+            // Update the test details string with the results of the call
+            let msg = format!("{}, result: {:?}", msg, result);
+
+            // Perform the checks
+            assert!(result == t.result, msg);
+        }
+    }
 }
--- a/src/agent/rustjail/src/sync.rs
+++ b/src/agent/rustjail/src/sync.rs
@@ -72,7 +72,15 @@ fn read_count(fd: RawFd, count: usize) -> Result<Vec<u8>> {
        }
    }

-    Ok(v[0..len].to_vec())
+    if len != count {
+        Err(anyhow::anyhow!(
+            "invalid read count expect {} get {}",
+            count,
+            len
+        ))
+    } else {
+        Ok(v[0..len].to_vec())
+    }
 }

 pub fn read_sync(fd: RawFd) -> Result<Vec<u8>> {
@@ -88,14 +96,14 @@ pub fn read_sync(fd: RawFd) -> Result<Vec<u8>> {
    let buf_array: [u8; MSG_SIZE] = [buf[0], buf[1], buf[2], buf[3]];
    let msg: i32 = i32::from_be_bytes(buf_array);
    match msg {
-        SYNC_SUCCESS => return Ok(Vec::new()),
+        SYNC_SUCCESS => Ok(Vec::new()),
        SYNC_DATA => {
            let buf = read_count(fd, MSG_SIZE)?;
            let buf_array: [u8; MSG_SIZE] = [buf[0], buf[1], buf[2], buf[3]];
            let msg_length: i32 = i32::from_be_bytes(buf_array);
            let data_buf = read_count(fd, msg_length as usize)?;

-            return Ok(data_buf);
+            Ok(data_buf)
        }
        SYNC_FAILED => {
            let mut error_buf = vec![];
@@ -119,9 +127,9 @@ pub fn read_sync(fd: RawFd) -> Result<Vec<u8>> {
                }
            };

-            return Err(anyhow!(error_str));
+            Err(anyhow!(error_str))
        }
-        _ => return Err(anyhow!("error in receive sync message")),
+        _ => Err(anyhow!("error in receive sync message")),
    }
 }

--- a/src/agent/rustjail/src/validator.rs
+++ b/src/agent/rustjail/src/validator.rs
@@ -4,14 +4,13 @@
 //

 use crate::container::Config;
-use anyhow::{anyhow, Result};
-use lazy_static;
+use anyhow::{anyhow, Context, Result};
 use nix::errno::Errno;
 use oci::{LinuxIDMapping, LinuxNamespace, Spec};
 use std::collections::HashMap;
 use std::path::{Component, PathBuf};

-fn contain_namespace(nses: &Vec<LinuxNamespace>, key: &str) -> bool {
+fn contain_namespace(nses: &[LinuxNamespace], key: &str) -> bool {
    for ns in nses {
        if ns.r#type.as_str() == key {
            return true;
@@ -21,7 +20,7 @@ fn contain_namespace(nses: &Vec<LinuxNamespace>, key: &str) -> bool {
    false
 }

-fn get_namespace_path(nses: &Vec<LinuxNamespace>, key: &str) -> Result<String> {
+fn get_namespace_path(nses: &[LinuxNamespace], key: &str) -> Result<String> {
    for ns in nses {
        if ns.r#type.as_str() == key {
            return Ok(ns.path.clone());
@@ -41,10 +40,8 @@ fn rootfs(root: &str) -> Result<()> {
    // symbolic link? ..?
    let mut stack: Vec<String> = Vec::new();
    for c in path.components() {
-        if stack.is_empty() {
-            if c == Component::RootDir || c == Component::ParentDir {
-                continue;
-            }
+        if stack.is_empty() && (c == Component::RootDir || c == Component::ParentDir) {
+            continue;
        }

        if c == Component::ParentDir {
@@ -52,7 +49,11 @@ fn rootfs(root: &str) -> Result<()> {
            continue;
        }

-        stack.push(c.as_os_str().to_str().unwrap().to_string());
+        if let Some(v) = c.as_os_str().to_str() {
+            stack.push(v.to_string());
+        } else {
+            return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
+        }
    }

    let mut cleaned = PathBuf::from("/");
@@ -60,7 +61,7 @@ fn rootfs(root: &str) -> Result<()> {
        cleaned.push(e);
    }

-    let canon = path.canonicalize()?;
+    let canon = path.canonicalize().context("canonicalize")?;
    if cleaned != canon {
        // There is symbolic in path
        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
@@ -69,19 +70,15 @@ fn rootfs(root: &str) -> Result<()> {
    Ok(())
 }

-fn network(_oci: &Spec) -> Result<()> {
-    Ok(())
-}
-
 fn hostname(oci: &Spec) -> Result<()> {
-    if oci.hostname.is_empty() || oci.hostname == "".to_string() {
+    if oci.hostname.is_empty() {
        return Ok(());
    }

-    if oci.linux.is_none() {
-        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
-    }
-    let linux = oci.linux.as_ref().unwrap();
+    let linux = oci
+        .linux
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;
    if !contain_namespace(&linux.namespaces, "uts") {
        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
    }
@@ -90,8 +87,11 @@ fn hostname(oci: &Spec) -> Result<()> {
 }

 fn security(oci: &Spec) -> Result<()> {
-    let linux = oci.linux.as_ref().unwrap();
-    if linux.masked_paths.len() == 0 && linux.readonly_paths.len() == 0 {
+    let linux = oci
+        .linux
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;
+    if linux.masked_paths.is_empty() && linux.readonly_paths.is_empty() {
        return Ok(());
    }

@@ -104,7 +104,7 @@ fn security(oci: &Spec) -> Result<()> {
    Ok(())
 }

-fn idmapping(maps: &Vec<LinuxIDMapping>) -> Result<()> {
+fn idmapping(maps: &[LinuxIDMapping]) -> Result<()> {
    for map in maps {
        if map.size > 0 {
            return Ok(());
@@ -115,7 +115,10 @@ fn idmapping(maps: &Vec<LinuxIDMapping>) -> Result<()> {
 }

 fn usernamespace(oci: &Spec) -> Result<()> {
-    let linux = oci.linux.as_ref().unwrap();
+    let linux = oci
+        .linux
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;
    if contain_namespace(&linux.namespaces, "user") {
        let user_ns = PathBuf::from("/proc/self/ns/user");
        if !user_ns.exists() {
@@ -123,11 +126,11 @@ fn usernamespace(oci: &Spec) -> Result<()> {
        }
        // check if idmappings is correct, at least I saw idmaps
        // with zero size was passed to agent
-        idmapping(&linux.uid_mappings)?;
-        idmapping(&linux.gid_mappings)?;
+        idmapping(&linux.uid_mappings).context("idmapping uid")?;
+        idmapping(&linux.gid_mappings).context("idmapping gid")?;
    } else {
        // no user namespace but idmap
-        if linux.uid_mappings.len() != 0 || linux.gid_mappings.len() != 0 {
+        if !linux.uid_mappings.is_empty() || !linux.gid_mappings.is_empty() {
            return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
        }
    }
@@ -136,7 +139,10 @@ fn usernamespace(oci: &Spec) -> Result<()> {
 }

 fn cgroupnamespace(oci: &Spec) -> Result<()> {
-    let linux = oci.linux.as_ref().unwrap();
+    let linux = oci
+        .linux
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;
    if contain_namespace(&linux.namespaces, "cgroup") {
        let path = PathBuf::from("/proc/self/ns/cgroup");
        if !path.exists() {
@@ -165,14 +171,20 @@ fn check_host_ns(path: &str) -> Result<()> {
    let cpath = PathBuf::from(path);
    let hpath = PathBuf::from("/proc/self/ns/net");

-    let real_hpath = hpath.read_link()?;
-    let meta = cpath.symlink_metadata()?;
+    let real_hpath = hpath
+        .read_link()
+        .context(format!("read link {:?}", hpath))?;
+    let meta = cpath
+        .symlink_metadata()
+        .context(format!("symlink metadata {:?}", cpath))?;
    let file_type = meta.file_type();

    if !file_type.is_symlink() {
        return Ok(());
    }
-    let real_cpath = cpath.read_link()?;
+    let real_cpath = cpath
+        .read_link()
+        .context(format!("read link {:?}", cpath))?;
    if real_cpath == real_hpath {
        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
    }
@@ -181,7 +193,10 @@ fn check_host_ns(path: &str) -> Result<()> {
 }

 fn sysctl(oci: &Spec) -> Result<()> {
-    let linux = oci.linux.as_ref().unwrap();
+    let linux = oci
+        .linux
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;
    for (key, _) in linux.sysctl.iter() {
        if SYSCTLS.contains_key(key.as_str()) || key.starts_with("fs.mqueue.") {
            if contain_namespace(&linux.namespaces, "ipc") {
@@ -192,16 +207,8 @@ fn sysctl(oci: &Spec) -> Result<()> {
        }

        if key.starts_with("net.") {
-            if !contain_namespace(&linux.namespaces, "network") {
-                return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
-            }
-
-            let net = get_namespace_path(&linux.namespaces, "network")?;
-            if net.is_empty() || net == "".to_string() {
-                continue;
-            }
-
-            check_host_ns(net.as_str())?;
+            // the network ns is shared with the guest, don't expect to find it in spec
+            continue;
        }

        if contain_namespace(&linux.namespaces, "uts") {
@@ -220,12 +227,15 @@ fn sysctl(oci: &Spec) -> Result<()> {
 }

 fn rootless_euid_mapping(oci: &Spec) -> Result<()> {
-    let linux = oci.linux.as_ref().unwrap();
+    let linux = oci
+        .linux
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;
    if !contain_namespace(&linux.namespaces, "user") {
        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
    }

-    if linux.uid_mappings.len() == 0 || linux.gid_mappings.len() == 0 {
+    if linux.uid_mappings.is_empty() || linux.gid_mappings.is_empty() {
        // rootless containers requires at least one UID/GID mapping
        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
    }
@@ -233,7 +243,7 @@ fn rootless_euid_mapping(oci: &Spec) -> Result<()> {
    Ok(())
 }

-fn has_idmapping(maps: &Vec<LinuxIDMapping>, id: u32) -> bool {
+fn has_idmapping(maps: &[LinuxIDMapping], id: u32) -> bool {
    for map in maps {
        if id >= map.container_id && id < map.container_id + map.size {
            return true;
@@ -243,7 +253,10 @@ fn has_idmapping(maps: &Vec<LinuxIDMapping>, id: u32) -> bool {
 }

 fn rootless_euid_mount(oci: &Spec) -> Result<()> {
-    let linux = oci.linux.as_ref().unwrap();
+    let linux = oci
+        .linux
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;

    for mnt in oci.mounts.iter() {
        for opt in mnt.options.iter() {
@@ -254,18 +267,17 @@ fn rootless_euid_mount(oci: &Spec) -> Result<()> {
                    return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
                }

-                let id = fields[1].trim().parse::<u32>()?;
+                let id = fields[1]
+                    .trim()
+                    .parse::<u32>()
+                    .context(format!("parse field {}", &fields[1]))?;

-                if opt.starts_with("uid=") {
-                    if !has_idmapping(&linux.uid_mappings, id) {
-                        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
-                    }
+                if opt.starts_with("uid=") && !has_idmapping(&linux.uid_mappings, id) {
+                    return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
                }

-                if opt.starts_with("gid=") {
-                    if !has_idmapping(&linux.gid_mappings, id) {
-                        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
-                    }
+                if opt.starts_with("gid=") && !has_idmapping(&linux.gid_mappings, id) {
+                    return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
                }
            }
        }
@@ -274,34 +286,36 @@ fn rootless_euid_mount(oci: &Spec) -> Result<()> {
 }

 fn rootless_euid(oci: &Spec) -> Result<()> {
-    rootless_euid_mapping(oci)?;
-    rootless_euid_mount(oci)?;
+    rootless_euid_mapping(oci).context("rootless euid mapping")?;
+    rootless_euid_mount(oci).context("rotless euid mount")?;
    Ok(())
 }

 pub fn validate(conf: &Config) -> Result<()> {
    lazy_static::initialize(&SYSCTLS);
-    let oci = conf.spec.as_ref().unwrap();
+    let oci = conf
+        .spec
+        .as_ref()
+        .ok_or(anyhow!(nix::Error::from_errno(Errno::EINVAL)))?;

    if oci.linux.is_none() {
        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
    }

-    if oci.root.is_none() {
-        return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
-    }
-    let root = oci.root.as_ref().unwrap().path.as_str();
+    let root = match oci.root.as_ref() {
+        Some(v) => v.path.as_str(),
+        None => return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL))),
+    };

-    rootfs(root)?;
-    network(oci)?;
-    hostname(oci)?;
-    security(oci)?;
-    usernamespace(oci)?;
-    cgroupnamespace(oci)?;
-    sysctl(&oci)?;
+    rootfs(root).context("rootfs")?;
+    hostname(oci).context("hostname")?;
+    security(oci).context("security")?;
+    usernamespace(oci).context("usernamespace")?;
+    cgroupnamespace(oci).context("cgroupnamespace")?;
+    sysctl(&oci).context("sysctl")?;

    if conf.rootless_euid {
-        rootless_euid(oci)?;
+        rootless_euid(oci).context("rootless euid")?;
    }

    Ok(())
--- a/src/agent/src/config.rs
+++ b/src/agent/src/config.rs
@@ -144,7 +144,7 @@ impl agentConfig {
 }

 fn get_vsock_port(p: &str) -> Result<i32> {
-    let fields: Vec<&str> = p.split("=").collect();
+    let fields: Vec<&str> = p.split('=').collect();
    if fields.len() != 2 {
        return Err(anyhow!("invalid port parameter"));
    }
@@ -180,7 +180,7 @@ fn logrus_to_slog_level(logrus_level: &str) -> Result<slog::Level> {
 }

 fn get_log_level(param: &str) -> Result<slog::Level> {
-    let fields: Vec<&str> = param.split("=").collect();
+    let fields: Vec<&str> = param.split('=').collect();

    if fields.len() != 2 {
        return Err(anyhow!("invalid log level parameter"));
@@ -194,7 +194,7 @@ fn get_log_level(param: &str) -> Result<slog::Level> {
 }

 fn get_hotplug_timeout(param: &str) -> Result<time::Duration> {
-    let fields: Vec<&str> = param.split("=").collect();
+    let fields: Vec<&str> = param.split('=').collect();

    if fields.len() != 2 {
        return Err(anyhow!("invalid hotplug timeout parameter"));
@@ -214,7 +214,7 @@ fn get_hotplug_timeout(param: &str) -> Result<time::Duration> {
 }

 fn get_bool_value(param: &str) -> Result<bool> {
-    let fields: Vec<&str> = param.split("=").collect();
+    let fields: Vec<&str> = param.split('=').collect();

    if fields.len() != 2 {
        return Ok(false);
@@ -225,18 +225,14 @@ fn get_bool_value(param: &str) -> Result<bool> {
    // first try to parse as bool value
    v.parse::<bool>().or_else(|_err1| {
        // then try to parse as integer value
-        v.parse::<u64>().or_else(|_err2| Ok(0)).and_then(|v| {
-            // only `0` returns false, otherwise returns true
-            Ok(match v {
-                0 => false,
-                _ => true,
-            })
-        })
+        v.parse::<u64>()
+            .or_else(|_err2| Ok(0))
+            .map(|v| !matches!(v, 0))
    })
 }

 fn get_container_pipe_size(param: &str) -> Result<i32> {
-    let fields: Vec<&str> = param.split("=").collect();
+    let fields: Vec<&str> = param.split('=').collect();

    if fields.len() != 2 {
        return Err(anyhow!("invalid container pipe size parameter"));
@@ -634,10 +630,10 @@ mod tests {
            let filename = file_path.to_str().expect("failed to create filename");

            let mut file =
-                File::create(filename).expect(&format!("{}: failed to create file", msg));
+                File::create(filename).unwrap_or_else(|_| panic!("{}: failed to create file", msg));

            file.write_all(d.contents.as_bytes())
-                .expect(&format!("{}: failed to write file contents", msg));
+                .unwrap_or_else(|_| panic!("{}: failed to write file contents", msg));

            let mut config = agentConfig::new();
            assert_eq!(config.debug_console, false, "{}", msg);
@@ -737,7 +733,7 @@ mod tests {

            let msg = format!("{}: result: {:?}", msg, result);

-            assert_result!(d.result, result, format!("{}", msg));
+            assert_result!(d.result, result, msg);
        }
    }

@@ -831,7 +827,7 @@ mod tests {

            let msg = format!("{}: result: {:?}", msg, result);

-            assert_result!(d.result, result, format!("{}", msg));
+            assert_result!(d.result, result, msg);
        }
    }

@@ -901,7 +897,7 @@ mod tests {

            let msg = format!("{}: result: {:?}", msg, result);

-            assert_result!(d.result, result, format!("{}", msg));
+            assert_result!(d.result, result, msg);
        }
    }

@@ -975,7 +971,7 @@ mod tests {

            let msg = format!("{}: result: {:?}", msg, result);

-            assert_result!(d.result, result, format!("{}", msg));
+            assert_result!(d.result, result, msg);
        }
    }
 }
--- a/src/agent/src/device.rs
+++ b/src/agent/src/device.rs
@@ -38,8 +38,8 @@ struct DevIndex(HashMap<String, DevIndexEntry>);
 // DeviceHandler is the type of callback to be defined to handle every type of device driver.
 type DeviceHandler = fn(&Device, &mut Spec, &Arc<Mutex<Sandbox>>, &DevIndex) -> Result<()>;

-// DeviceHandlerList lists the supported drivers.
-#[cfg_attr(rustfmt, rustfmt_skip)]
+// DEVICEHANDLERLIST lists the supported drivers.
+#[rustfmt::skip]
 lazy_static! {
    static ref DEVICEHANDLERLIST: HashMap<&'static str, DeviceHandler> = {
        let mut m: HashMap<&'static str, DeviceHandler> = HashMap::new();
@@ -65,7 +65,7 @@ pub fn online_device(path: &str) -> Result<()> {
 // Here, bridgeAddr is the address at which the bridge is attached on the root bus,
 // while deviceAddr is the address at which the device is attached on the bridge.
 fn get_pci_device_address(pci_id: &str) -> Result<String> {
-    let tokens: Vec<&str> = pci_id.split("/").collect();
+    let tokens: Vec<&str> = pci_id.split('/').collect();

    if tokens.len() != 2 {
        return Err(anyhow!(
@@ -165,7 +165,7 @@ pub fn get_pci_device_name(sandbox: &Arc<Mutex<Sandbox>>, pci_id: &str) -> Resul

 /// Scan SCSI bus for the given SCSI address(SCSI-Id and LUN)
 fn scan_scsi_bus(scsi_addr: &str) -> Result<()> {
-    let tokens: Vec<&str> = scsi_addr.split(":").collect();
+    let tokens: Vec<&str> = scsi_addr.split(':').collect();
    if tokens.len() != 2 {
        return Err(anyhow!(
            "Unexpected format for SCSI Address: {}, expect SCSIID:LUA",
@@ -204,7 +204,7 @@ fn update_spec_device_list(device: &Device, spec: &mut Spec, devidx: &DevIndex)

    // If no container_path is provided, we won't be able to match and
    // update the device in the OCI spec device list. This is an error.
-    if device.container_path == "" {
+    if device.container_path.is_empty() {
        return Err(anyhow!(
            "container_path cannot empty for device {:?}",
            device
@@ -280,7 +280,7 @@ fn virtiommio_blk_device_handler(
    _sandbox: &Arc<Mutex<Sandbox>>,
    devidx: &DevIndex,
 ) -> Result<()> {
-    if device.vm_path == "" {
+    if device.vm_path.is_empty() {
        return Err(anyhow!("Invalid path for virtio mmio blk device"));
    }

@@ -300,7 +300,7 @@ fn virtio_blk_device_handler(

    // When "Id (PCIAddr)" is not set, we allow to use the predicted "VmPath" passed from kata-runtime
    // Note this is a special code path for cloud-hypervisor when BDF information is not available
-    if device.id != "" {
+    if !device.id.is_empty() {
        dev.vm_path = get_pci_device_name(sandbox, &device.id)?;
    }

@@ -325,7 +325,7 @@ fn virtio_nvdimm_device_handler(
    _sandbox: &Arc<Mutex<Sandbox>>,
    devidx: &DevIndex,
 ) -> Result<()> {
-    if device.vm_path == "" {
+    if device.vm_path.is_empty() {
        return Err(anyhow!("Invalid path for nvdimm device"));
    }

@@ -336,11 +336,11 @@ impl DevIndex {
    fn new(spec: &Spec) -> DevIndex {
        let mut map = HashMap::new();

-        for linux in spec.linux.as_ref() {
+        if let Some(linux) = spec.linux.as_ref() {
            for (i, d) in linux.devices.iter().enumerate() {
                let mut residx = Vec::new();

-                for linuxres in linux.resources.as_ref() {
+                if let Some(linuxres) = linux.resources.as_ref() {
                    for (j, r) in linuxres.devices.iter().enumerate() {
                        if r.r#type == d.r#type
                            && r.major == Some(d.major)
@@ -381,15 +381,15 @@ fn add_device(
    info!(sl!(), "device-id: {}, device-type: {}, device-vm-path: {}, device-container-path: {}, device-options: {:?}",
          device.id, device.field_type, device.vm_path, device.container_path, device.options);

-    if device.field_type == "" {
+    if device.field_type.is_empty() {
        return Err(anyhow!("invalid type for device {:?}", device));
    }

-    if device.id == "" && device.vm_path == "" {
+    if device.id.is_empty() && device.vm_path.is_empty() {
        return Err(anyhow!("invalid ID and VM path for device {:?}", device));
    }

-    if device.container_path == "" {
+    if device.container_path.is_empty() {
        return Err(anyhow!("invalid container path for device {:?}", device));
    }

@@ -436,9 +436,10 @@ mod tests {

    #[test]
    fn test_update_device_cgroup() {
-        let mut spec = Spec::default();
-
-        spec.linux = Some(Linux::default());
+        let mut spec = Spec {
+            linux: Some(Linux::default()),
+            ..Default::default()
+        };

        update_device_cgroup(&mut spec).unwrap();

--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -246,8 +246,8 @@ fn start_sandbox(logger: &Logger, config: &agentConfig, init_mode: bool) -> Resu
    let (tx, rx) = mpsc::channel::<i32>();
    sandbox.lock().unwrap().sender = Some(tx);

-    //vsock:///dev/vsock, port
-    let mut server = rpc::start(sandbox.clone(), config.server_addr.as_str());
+    // vsock:///dev/vsock, port
+    let mut server = rpc::start(sandbox, config.server_addr.as_str());

    let _ = server.start().unwrap();

@@ -272,8 +272,6 @@ fn setup_signal_handler(logger: &Logger, sandbox: Arc<Mutex<Sandbox>>) -> Result

    let signals = Signals::new(&[SIGCHLD])?;

-    let s = sandbox.clone();
-
    thread::spawn(move || {
        'outer: for sig in signals.forever() {
            info!(logger, "received signal"; "signal" => sig);
@@ -303,13 +301,13 @@ fn setup_signal_handler(logger: &Logger, sandbox: Arc<Mutex<Sandbox>>) -> Result
                };

                let pid = wait_status.pid();
-                if pid.is_some() {
-                    let raw_pid = pid.unwrap().as_raw();
+                if let Some(pid) = pid {
+                    let raw_pid = pid.as_raw();
                    let child_pid = format!("{}", raw_pid);

                    let logger = logger.new(o!("child-pid" => child_pid));

-                    let mut sandbox = s.lock().unwrap();
+                    let mut sandbox = sandbox.lock().unwrap();
                    let process = sandbox.find_process(raw_pid);
                    if process.is_none() {
                        info!(logger, "child exited unexpectedly");
@@ -366,7 +364,8 @@ fn init_agent_as_init(logger: &Logger, unified_cgroup_hierarchy: bool) -> Result

    env::set_var("PATH", "/bin:/sbin/:/usr/bin/:/usr/sbin/");

-    let contents = std::fs::read_to_string("/etc/hostname").unwrap_or(String::from("localhost"));
+    let contents =
+        std::fs::read_to_string("/etc/hostname").unwrap_or_else(|_| String::from("localhost"));
    let contents_array: Vec<&str> = contents.split(' ').collect();
    let hostname = contents_array[0].trim();

@@ -481,8 +480,8 @@ where

    // write and return
    match writer.write_all(&buf[..buf_len]) {
-        Ok(_) => return Ok(buf_len as u64),
-        Err(err) => return Err(err),
+        Ok(_) => Ok(buf_len as u64),
+        Err(err) => Err(err),
    }
 }

--- a/src/agent/src/metrics.rs
+++ b/src/agent/src/metrics.rs
@@ -8,7 +8,6 @@ extern crate procfs;
 use prometheus::{Encoder, Gauge, GaugeVec, IntCounter, TextEncoder};

 use anyhow::Result;
-use protocols;

 const NAMESPACE_KATA_AGENT: &str = "kata_agent";
 const NAMESPACE_KATA_GUEST: &str = "kata_guest";
@@ -85,17 +84,15 @@ pub fn get_metrics(_: &protocols::agent::GetMetricsRequest) -> Result<String> {
    let encoder = TextEncoder::new();
    encoder.encode(&metric_families, &mut buffer).unwrap();

-    Ok(String::from_utf8(buffer.clone()).unwrap())
+    Ok(String::from_utf8(buffer).unwrap())
 }

 fn update_agent_metrics() {
    let me = procfs::process::Process::myself();
-    match me {
-        Err(err) => {
-            error!(sl!(), "failed to create process instance: {:?}", err);
-            return;
-        }
-        Ok(_) => {}
+
+    if let Err(err) = me {
+        error!(sl!(), "failed to create process instance: {:?}", err);
+        return;
    }

    let me = me.unwrap();
--- a/src/agent/src/mount.rs
+++ b/src/agent/src/mount.rs
@@ -7,7 +7,6 @@ use std::collections::HashMap;
 use std::ffi::CString;
 use std::fs;
 use std::io;
-use std::iter::FromIterator;
 use std::os::unix::fs::PermissionsExt;

 use std::path::Path;
@@ -39,7 +38,7 @@ pub const DRIVERLOCALTYPE: &str = "local";

 pub const TYPEROOTFS: &str = "rootfs";

-#[cfg_attr(rustfmt, rustfmt_skip)]
+#[rustfmt::skip]
 lazy_static! {
    pub static ref FLAGS: HashMap<&'static str, (bool, MsFlags)> = {
        let mut m = HashMap::new();
@@ -88,7 +87,7 @@ pub struct INIT_MOUNT {
    options: Vec<&'static str>,
 }

-#[cfg_attr(rustfmt, rustfmt_skip)]
+#[rustfmt::skip]
 lazy_static!{
    static ref CGROUPS: HashMap<&'static str, &'static str> = {
        let mut m = HashMap::new();
@@ -109,7 +108,7 @@ lazy_static!{
    };
 }

-#[cfg_attr(rustfmt, rustfmt_skip)]
+#[rustfmt::skip]
 lazy_static! {
    pub static ref INIT_ROOTFS_MOUNTS: Vec<INIT_MOUNT> = vec![
        INIT_MOUNT{fstype: "proc", src: "proc", dest: "/proc", options: vec!["nosuid", "nodev", "noexec"]},
@@ -126,7 +125,7 @@ lazy_static! {
 type StorageHandler = fn(&Logger, &Storage, Arc<Mutex<Sandbox>>) -> Result<String>;

 // STORAGEHANDLERLIST lists the supported drivers.
-#[cfg_attr(rustfmt, rustfmt_skip)]
+#[rustfmt::skip]
 lazy_static! {
    pub static ref STORAGEHANDLERLIST: HashMap<&'static str, StorageHandler> = {
    	let mut m = HashMap::new();
@@ -173,9 +172,9 @@ impl<'a> BareMount<'a> {
        BareMount {
            source: s,
            destination: d,
-            fs_type: fs_type,
-            flags: flags,
-            options: options,
+            fs_type,
+            flags,
+            options,
            logger: logger.new(o!("subsystem" => "baremount")),
        }
    }
@@ -190,11 +189,11 @@ impl<'a> BareMount<'a> {
        let cstr_dest: CString;
        let cstr_fs_type: CString;

-        if self.source.len() == 0 {
+        if self.source.is_empty() {
            return Err(anyhow!("need mount source"));
        }

-        if self.destination.len() == 0 {
+        if self.destination.is_empty() {
            return Err(anyhow!("need mount destination"));
        }

@@ -204,14 +203,14 @@ impl<'a> BareMount<'a> {
        cstr_dest = CString::new(self.destination)?;
        dest = cstr_dest.as_ptr();

-        if self.fs_type.len() == 0 {
+        if self.fs_type.is_empty() {
            return Err(anyhow!("need mount FS type"));
        }

        cstr_fs_type = CString::new(self.fs_type)?;
        fs_type = cstr_fs_type.as_ptr();

-        if self.options.len() > 0 {
+        if !self.options.is_empty() {
            cstr_options = CString::new(self.options)?;
            options = cstr_options.as_ptr() as *const c_void;
        }
@@ -243,8 +242,7 @@ fn ephemeral_storage_handler(
    storage: &Storage,
    sandbox: Arc<Mutex<Sandbox>>,
 ) -> Result<String> {
-    let s = sandbox.clone();
-    let mut sb = s.lock().unwrap();
+    let mut sb = sandbox.lock().unwrap();
    let new_storage = sb.set_sandbox_storage(&storage.mount_point);

    if !new_storage {
@@ -262,8 +260,7 @@ fn local_storage_handler(
    storage: &Storage,
    sandbox: Arc<Mutex<Sandbox>>,
 ) -> Result<String> {
-    let s = sandbox.clone();
-    let mut sb = s.lock().unwrap();
+    let mut sb = sandbox.lock().unwrap();
    let new_storage = sb.set_sandbox_storage(&storage.mount_point);

    if !new_storage {
@@ -279,8 +276,7 @@ fn local_storage_handler(

    let opts = parse_options(opts_vec);
    let mode = opts.get("mode");
-    if mode.is_some() {
-        let mode = mode.unwrap();
+    if let Some(mode) = mode {
        let mut permission = fs::metadata(&storage.mount_point)?.permissions();

        let o_mode = u32::from_str_radix(mode, 8)?;
@@ -383,7 +379,7 @@ fn mount_storage(logger: &Logger, storage: &Storage) -> Result<()> {
    }

    let options_vec = storage.options.to_vec();
-    let options_vec = Vec::from_iter(options_vec.iter().map(String::as_str));
+    let options_vec = options_vec.iter().map(String::as_str).collect();
    let (flags, options) = parse_mount_flags_and_options(options_vec);

    info!(logger, "mounting storage";
@@ -410,17 +406,17 @@ fn parse_mount_flags_and_options(options_vec: Vec<&str>) -> (MsFlags, String) {
    let mut options: String = "".to_string();

    for opt in options_vec {
-        if opt.len() != 0 {
+        if !opt.is_empty() {
            match FLAGS.get(opt) {
                Some(x) => {
                    let (_, f) = *x;
-                    flags = flags | f;
+                    flags |= f;
                }
                None => {
-                    if options.len() > 0 {
+                    if !options.is_empty() {
                        options.push_str(format!(",{}", opt).as_str());
                    } else {
-                        options.push_str(format!("{}", opt).as_str());
+                        options.push_str(opt.to_string().as_str());
                    }
                }
            };
@@ -458,7 +454,7 @@ pub fn add_storages(
        // Todo need to rollback the mounted storage if err met.
        let mount_point = handler(&logger, &storage, sandbox.clone())?;

-        if mount_point.len() > 0 {
+        if !mount_point.is_empty() {
            mount_list.push(mount_point);
        }
    }
@@ -509,7 +505,7 @@ pub fn get_mount_fs_type(mount_point: &str) -> Result<String> {
 // get_mount_fs_type_from_file returns the FS type corresponding to the passed mount point and
 // any error ecountered.
 pub fn get_mount_fs_type_from_file(mount_file: &str, mount_point: &str) -> Result<String> {
-    if mount_point == "" {
+    if mount_point.is_empty() {
        return Err(anyhow!("Invalid mount point {}", mount_point));
    }

@@ -570,10 +566,10 @@ pub fn get_cgroup_mounts(
    'outer: for (_, line) in reader.lines().enumerate() {
        let line = line?;

-        let fields: Vec<&str> = line.split("\t").collect();
+        let fields: Vec<&str> = line.split('\t').collect();

        // Ignore comment header
-        if fields[0].starts_with("#") {
+        if fields[0].starts_with('#') {
            continue;
        }

@@ -594,7 +590,7 @@ pub fn get_cgroup_mounts(
            }
        }

-        if fields[0] == "" {
+        if fields[0].is_empty() {
            continue;
        }

@@ -643,7 +639,7 @@ pub fn cgroups_mount(logger: &Logger, unified_cgroup_hierarchy: bool) -> Result<
    Ok(())
 }

-pub fn remove_mounts(mounts: &Vec<String>) -> Result<()> {
+pub fn remove_mounts(mounts: &[String]) -> Result<()> {
    for m in mounts.iter() {
        mount::umount(m.as_str()).context(format!("failed to umount {:?}", m))?;
    }
@@ -675,7 +671,7 @@ fn ensure_destination_exists(destination: &str, fs_type: &str) -> Result<()> {
 fn parse_options(option_list: Vec<String>) -> HashMap<String, String> {
    let mut options = HashMap::new();
    for opt in option_list.iter() {
-        let fields: Vec<&str> = opt.split("=").collect();
+        let fields: Vec<&str> = opt.split('=').collect();
        if fields.len() != 2 {
            continue;
        }
@@ -801,7 +797,7 @@ mod tests {
            let src_filename: String;
            let dest_filename: String;

-            if d.src != "" {
+            if !d.src.is_empty() {
                src = dir.path().join(d.src.to_string());
                src_filename = src
                    .to_str()
@@ -811,7 +807,7 @@ mod tests {
                src_filename = "".to_owned();
            }

-            if d.dest != "" {
+            if !d.dest.is_empty() {
                dest = dir.path().join(d.dest.to_string());
                dest_filename = dest
                    .to_str()
@@ -823,7 +819,7 @@ mod tests {

            // Create the mount directories
            for d in [src_filename.clone(), dest_filename.clone()].iter() {
-                if d == "" {
+                if d.is_empty() {
                    continue;
                }

@@ -843,7 +839,7 @@ mod tests {

            let msg = format!("{}: result: {:?}", msg, result);

-            if d.error_contains == "" {
+            if d.error_contains.is_empty() {
                assert!(result.is_ok(), msg);

                // Cleanup
@@ -856,7 +852,7 @@ mod tests {

                    let msg = format!("{}: umount result: {:?}", msg, result);

-                    assert!(ret == 0, format!("{}", msg));
+                    assert!(ret == 0, msg);
                };

                continue;
@@ -914,7 +910,8 @@ mod tests {
            .expect("failed to create mount destination filename");

        for d in [test_dir_filename, mnt_src_filename, mnt_dest_filename].iter() {
-            std::fs::create_dir_all(d).expect(&format!("failed to create directory {}", d));
+            std::fs::create_dir_all(d)
+                .unwrap_or_else(|_| panic!("failed to create directory {}", d));
        }

        // Create an actual mount
@@ -960,7 +957,7 @@ mod tests {

            let msg = format!("{}: result: {:?}", msg, result);

-            if d.error_contains == "" {
+            if d.error_contains.is_empty() {
                assert!(result.is_ok(), msg);
                continue;
            }
@@ -1055,20 +1052,20 @@ mod tests {

            let filename = file_path
                .to_str()
-                .expect(&format!("{}: failed to create filename", msg));
+                .unwrap_or_else(|| panic!("{}: failed to create filename", msg));

            let mut file =
-                File::create(filename).expect(&format!("{}: failed to create file", msg));
+                File::create(filename).unwrap_or_else(|_| panic!("{}: failed to create file", msg));

            file.write_all(d.contents.as_bytes())
-                .expect(&format!("{}: failed to write file contents", msg));
+                .unwrap_or_else(|_| panic!("{}: failed to write file contents", msg));

            let result = get_mount_fs_type_from_file(filename, d.mount_point);

            // add more details if an assertion fails
            let msg = format!("{}: result: {:?}", msg, result);

-            if d.error_contains == "" {
+            if d.error_contains.is_empty() {
                let fs_type = result.unwrap();

                assert!(d.fs_type == fs_type, msg);
@@ -1217,15 +1214,15 @@ mod tests {
                .expect("failed to create cgroup file filename");

            let mut file =
-                File::create(filename).expect(&format!("{}: failed to create file", msg));
+                File::create(filename).unwrap_or_else(|_| panic!("{}: failed to create file", msg));

            file.write_all(d.contents.as_bytes())
-                .expect(&format!("{}: failed to write file contents", msg));
+                .unwrap_or_else(|_| panic!("{}: failed to write file contents", msg));

            let result = get_cgroup_mounts(&logger, filename, false);
            let msg = format!("{}: result: {:?}", msg, result);

-            if d.error_contains != "" {
+            if !d.error_contains.is_empty() {
                assert!(result.is_err(), msg);

                let error_msg = format!("{}", result.unwrap_err());
--- a/src/agent/src/namespace.rs
+++ b/src/agent/src/namespace.rs
@@ -16,7 +16,6 @@ use std::thread::{self};
 use crate::mount::{BareMount, FLAGS};
 use slog::Logger;

-//use container::Process;
 const PERSISTENT_NS_DIR: &str = "/var/run/sandbox-ns";
 pub const NSTYPEIPC: &str = "ipc";
 pub const NSTYPEUTS: &str = "uts";
@@ -52,20 +51,20 @@ impl Namespace {
        }
    }

-    pub fn as_ipc(mut self) -> Self {
+    pub fn get_ipc(mut self) -> Self {
        self.ns_type = NamespaceType::IPC;
        self
    }

-    pub fn as_uts(mut self, hostname: &str) -> Self {
+    pub fn get_uts(mut self, hostname: &str) -> Self {
        self.ns_type = NamespaceType::UTS;
-        if hostname != "" {
+        if !hostname.is_empty() {
            self.hostname = Some(String::from(hostname));
        }
        self
    }

-    pub fn as_pid(mut self) -> Self {
+    pub fn get_pid(mut self) -> Self {
        self.ns_type = NamespaceType::PID;
        self
    }
@@ -81,7 +80,10 @@ impl Namespace {
        fs::create_dir_all(&self.persistent_ns_dir)?;

        let ns_path = PathBuf::from(&self.persistent_ns_dir);
-        let ns_type = self.ns_type.clone();
+        let ns_type = self.ns_type;
+        if ns_type == NamespaceType::PID {
+            return Err(anyhow!("Cannot persist namespace of PID type"));
+        }
        let logger = self.logger.clone();

        let new_ns_path = ns_path.join(&ns_type.get());
@@ -97,7 +99,7 @@ impl Namespace {
            File::open(Path::new(&origin_ns_path))?;

            // Create a new netns on the current thread.
-            let cf = ns_type.get_flags().clone();
+            let cf = ns_type.get_flags();

            unshare(cf)?;

@@ -110,12 +112,9 @@ impl Namespace {

            let mut flags = MsFlags::empty();

-            match FLAGS.get("rbind") {
-                Some(x) => {
-                    let (_, f) = *x;
-                    flags = flags | f;
-                }
-                None => (),
+            if let Some(x) = FLAGS.get("rbind") {
+                let (_, f) = *x;
+                flags |= f;
            };

            let bare_mount = BareMount::new(source, destination, "none", flags, "", &logger);
@@ -194,23 +193,34 @@ mod tests {
        let tmpdir = Builder::new().prefix("ipc").tempdir().unwrap();

        let ns_ipc = Namespace::new(&logger)
-            .as_ipc()
+            .get_ipc()
            .set_root_dir(tmpdir.path().to_str().unwrap())
            .setup();

        assert!(ns_ipc.is_ok());
-        assert!(remove_mounts(&vec![ns_ipc.unwrap().path]).is_ok());
+        assert!(remove_mounts(&[ns_ipc.unwrap().path]).is_ok());

        let logger = slog::Logger::root(slog::Discard, o!());
-        let tmpdir = Builder::new().prefix("ipc").tempdir().unwrap();
+        let tmpdir = Builder::new().prefix("uts").tempdir().unwrap();

        let ns_uts = Namespace::new(&logger)
-            .as_uts("test_hostname")
+            .get_uts("test_hostname")
            .set_root_dir(tmpdir.path().to_str().unwrap())
            .setup();

        assert!(ns_uts.is_ok());
-        assert!(remove_mounts(&vec![ns_uts.unwrap().path]).is_ok());
+        assert!(remove_mounts(&[ns_uts.unwrap().path]).is_ok());
+
+        // Check it cannot persist pid namespaces.
+        let logger = slog::Logger::root(slog::Discard, o!());
+        let tmpdir = Builder::new().prefix("pid").tempdir().unwrap();
+
+        let ns_pid = Namespace::new(&logger)
+            .get_pid()
+            .set_root_dir(tmpdir.path().to_str().unwrap())
+            .setup();
+
+        assert!(ns_pid.is_err());
    }

    #[test]
--- a/src/agent/src/netlink.rs
+++ b/src/agent/src/netlink.rs
--- a/src/agent/src/network.rs
+++ b/src/agent/src/network.rs
@@ -48,7 +48,7 @@ pub fn setup_guest_dns(logger: Logger, dns_list: Vec<String>) -> Result<()> {
 fn do_setup_guest_dns(logger: Logger, dns_list: Vec<String>, src: &str, dst: &str) -> Result<()> {
    let logger = logger.new(o!( "subsystem" => "network"));

-    if dns_list.len() == 0 {
+    if dns_list.is_empty() {
        info!(
            logger,
            "Did not set sandbox DNS as DNS not received as part of request."
@@ -117,12 +117,12 @@ mod tests {
        ];

        // write to /run/kata-containers/sandbox/resolv.conf
-        let mut src_file =
-            File::create(src_filename).expect(&format!("failed to create file {:?}", src_filename));
+        let mut src_file = File::create(src_filename)
+            .unwrap_or_else(|_| panic!("failed to create file {:?}", src_filename));
        let content = dns.join("\n");
        src_file
            .write_all(content.as_bytes())
-            .expect(&format!("failed to write file contents"));
+            .expect("failed to write file contents");

        // call do_setup_guest_dns
        let result = do_setup_guest_dns(logger, dns.clone(), src_filename, dst_filename);
--- a/src/agent/src/random.rs
+++ b/src/agent/src/random.rs
@@ -4,7 +4,6 @@
 //

 use anyhow::Result;
-use libc;
 use nix::errno::Errno;
 use nix::fcntl::{self, OFlag};
 use nix::sys::stat::Mode;
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
@@ -6,7 +6,7 @@
 use std::path::Path;
 use std::sync::mpsc::channel;
 use std::sync::{Arc, Mutex};
-use ttrpc;
+use ttrpc::{self, error::get_rpc_status as ttrpc_error};

 use anyhow::{anyhow, Context, Result};
 use oci::{LinuxNamespace, Root, Spec};
@@ -21,7 +21,6 @@ use protocols::health::{
    HealthCheckResponse, HealthCheckResponse_ServingStatus, VersionCheckResponse,
 };
 use protocols::types::Interface;
-use rustjail;
 use rustjail::cgroups::notifier;
 use rustjail::container::{BaseContainer, Container, LinuxContainer};
 use rustjail::process::Process;
@@ -47,7 +46,6 @@ use crate::AGENT_CONFIG;
 use netlink::{RtnlHandle, NETLINK_ROUTE};

 use libc::{self, c_ushort, pid_t, winsize, TIOCSWINSZ};
-use serde_json;
 use std::convert::TryFrom;
 use std::fs;
 use std::os::unix::io::RawFd;
@@ -152,14 +150,13 @@ impl agentService {

        let pipe_size = AGENT_CONFIG.read().unwrap().container_pipe_size;
        let p = if oci.process.is_some() {
-            let tp = Process::new(
+            Process::new(
                &sl!(),
                &oci.process.as_ref().unwrap(),
                cid.as_str(),
                true,
                pipe_size,
-            )?;
-            tp
+            )?
        } else {
            info!(sl!(), "no process configurations!");
            return Err(anyhow!(nix::Error::from_errno(nix::errno::Errno::EINVAL)));
@@ -175,7 +172,7 @@ impl agentService {
    }

    fn do_start_container(&self, req: protocols::agent::StartContainerRequest) -> Result<()> {
-        let cid = req.container_id.clone();
+        let cid = req.container_id;

        let sandbox = self.sandbox.clone();
        let mut s = sandbox.lock().unwrap();
@@ -183,7 +180,7 @@ impl agentService {

        let ctr = s
            .get_container(&cid)
-            .ok_or(anyhow!("Invalid container id"))?;
+            .ok_or_else(|| anyhow!("Invalid container id"))?;

        ctr.exec()?;

@@ -206,9 +203,7 @@ impl agentService {
        let mut remove_container_resources = |sandbox: &mut Sandbox| -> Result<()> {
            // Find the sandbox storage used by this container
            let mounts = sandbox.container_mounts.get(&cid);
-            if mounts.is_some() {
-                let mounts = mounts.unwrap();
-
+            if let Some(mounts) = mounts {
                remove_mounts(&mounts)?;

                for m in mounts.iter() {
@@ -232,7 +227,7 @@ impl agentService {
            let mut sandbox = s.lock().unwrap();
            let ctr = sandbox
                .get_container(&cid)
-                .ok_or(anyhow!("Invalid container id"))?;
+                .ok_or_else(|| anyhow!("Invalid container id"))?;

            ctr.destroy()?;

@@ -250,11 +245,11 @@ impl agentService {
            let mut sandbox = s.lock().unwrap();
            let _ctr = sandbox
                .get_container(&cid2)
-                .ok_or(anyhow!("Invalid container id"))
-                .and_then(|ctr| {
+                .ok_or_else(|| anyhow!("Invalid container id"))
+                .map(|ctr| {
                    ctr.destroy().unwrap();
                    tx.send(1).unwrap();
-                    Ok(ctr)
+                    ctr
                });
        });

@@ -277,7 +272,7 @@ impl agentService {
        let cid = req.container_id.clone();
        let exec_id = req.exec_id.clone();

-        info!(sl!(), "cid: {} eid: {}", cid.clone(), exec_id.clone());
+        info!(sl!(), "cid: {} eid: {}", cid, exec_id);

        let s = self.sandbox.clone();
        let mut sandbox = s.lock().unwrap();
@@ -294,7 +289,7 @@ impl agentService {

        let ctr = sandbox
            .get_container(&cid)
-            .ok_or(anyhow!("Invalid container id"))?;
+            .ok_or_else(|| anyhow!("Invalid container id"))?;

        ctr.run(p)?;

@@ -315,7 +310,7 @@ impl agentService {
            "exec-id" => eid.clone(),
        );

-        if eid == "" {
+        if eid.is_empty() {
            init = true;
        }

@@ -340,7 +335,7 @@ impl agentService {
        req: protocols::agent::WaitProcessRequest,
    ) -> Result<protocols::agent::WaitProcessResponse> {
        let cid = req.container_id.clone();
-        let eid = req.exec_id.clone();
+        let eid = req.exec_id;
        let s = self.sandbox.clone();
        let mut resp = WaitProcessResponse::new();
        let pid: pid_t;
@@ -376,7 +371,7 @@ impl agentService {
        let mut sandbox = s.lock().unwrap();
        let ctr = sandbox
            .get_container(&cid)
-            .ok_or(anyhow!("Invalid container id"))?;
+            .ok_or_else(|| anyhow!("Invalid container id"))?;

        let mut p = match ctr.processes.get_mut(&pid) {
            Some(p) => p,
@@ -519,10 +514,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::CreateContainerRequest,
    ) -> ttrpc::Result<Empty> {
        match self.do_create_container(req) {
-            Err(e) => Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                e.to_string(),
-            ))),
+            Err(e) => Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
            Ok(_) => Ok(Empty::new()),
        }
    }
@@ -533,10 +525,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::StartContainerRequest,
    ) -> ttrpc::Result<Empty> {
        match self.do_start_container(req) {
-            Err(e) => Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                e.to_string(),
-            ))),
+            Err(e) => Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
            Ok(_) => Ok(Empty::new()),
        }
    }
@@ -547,10 +536,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::RemoveContainerRequest,
    ) -> ttrpc::Result<Empty> {
        match self.do_remove_container(req) {
-            Err(e) => Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                e.to_string(),
-            ))),
+            Err(e) => Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
            Ok(_) => Ok(Empty::new()),
        }
    }
@@ -561,10 +547,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::ExecProcessRequest,
    ) -> ttrpc::Result<Empty> {
        match self.do_exec_process(req) {
-            Err(e) => Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                e.to_string(),
-            ))),
+            Err(e) => Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
            Ok(_) => Ok(Empty::new()),
        }
    }
@@ -575,10 +558,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::SignalProcessRequest,
    ) -> ttrpc::Result<Empty> {
        match self.do_signal_process(req) {
-            Err(e) => Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                e.to_string(),
-            ))),
+            Err(e) => Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
            Ok(_) => Ok(Empty::new()),
        }
    }
@@ -588,9 +568,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::WaitProcessRequest,
    ) -> ttrpc::Result<WaitProcessResponse> {
-        self.do_wait_process(req).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })
+        self.do_wait_process(req)
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))
    }

    fn list_processes(
@@ -600,18 +579,18 @@ impl protocols::agent_ttrpc::AgentService for agentService {
    ) -> ttrpc::Result<ListProcessesResponse> {
        let cid = req.container_id.clone();
        let format = req.format.clone();
-        let mut args = req.args.clone().into_vec();
+        let mut args = req.args.into_vec();
        let mut resp = ListProcessesResponse::new();

        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();

-        let ctr = sandbox
-            .get_container(&cid)
-            .ok_or(ttrpc::Error::RpcStatus(ttrpc::get_status(
+        let ctr = sandbox.get_container(&cid).ok_or_else(|| {
+            ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
                "invalid container id".to_string(),
-            )))?;
+            )
+        })?;

        let pids = ctr.processes().unwrap();

@@ -622,15 +601,15 @@ impl protocols::agent_ttrpc::AgentService for agentService {
                return Ok(resp);
            }
            _ => {
-                return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
+                return Err(ttrpc_error(
                    ttrpc::Code::INVALID_ARGUMENT,
                    "invalid format!".to_string(),
-                )));
+                ));
            }
        }

        // format "table"
-        if args.len() == 0 {
+        if args.is_empty() {
            // default argument
            args = vec!["-ef".to_string()];
        }
@@ -688,12 +667,12 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();

-        let ctr = sandbox
-            .get_container(&cid)
-            .ok_or(ttrpc::Error::RpcStatus(ttrpc::get_status(
+        let ctr = sandbox.get_container(&cid).ok_or_else(|| {
+            ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
                "invalid container id".to_string(),
-            )))?;
+            )
+        })?;

        let resp = Empty::new();

@@ -701,10 +680,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
            let ociRes = rustjail::resources_grpc_to_oci(&res.unwrap());
            match ctr.set(ociRes) {
                Err(e) => {
-                    return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                        ttrpc::Code::INTERNAL,
-                        e.to_string(),
-                    )));
+                    return Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()));
                }

                Ok(_) => return Ok(resp),
@@ -719,20 +695,19 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::StatsContainerRequest,
    ) -> ttrpc::Result<StatsContainerResponse> {
-        let cid = req.container_id.clone();
+        let cid = req.container_id;
        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();

-        let ctr = sandbox
-            .get_container(&cid)
-            .ok_or(ttrpc::Error::RpcStatus(ttrpc::get_status(
+        let ctr = sandbox.get_container(&cid).ok_or_else(|| {
+            ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
                "invalid container id".to_string(),
-            )))?;
+            )
+        })?;

-        ctr.stats().map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })
+        ctr.stats()
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))
    }

    fn pause_container(
@@ -744,17 +719,16 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();

-        let ctr = sandbox
-            .get_container(&cid)
-            .ok_or(ttrpc::Error::RpcStatus(ttrpc::get_status(
+        let ctr = sandbox.get_container(&cid).ok_or_else(|| {
+            ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
                "invalid container id".to_string(),
-            )))?;
-
-        ctr.pause().map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
+            )
        })?;

+        ctr.pause()
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;
+
        Ok(Empty::new())
    }

@@ -767,17 +741,16 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();

-        let ctr = sandbox
-            .get_container(&cid)
-            .ok_or(ttrpc::Error::RpcStatus(ttrpc::get_status(
+        let ctr = sandbox.get_container(&cid).ok_or_else(|| {
+            ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
                "invalid container id".to_string(),
-            )))?;
-
-        ctr.resume().map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
+            )
        })?;

+        ctr.resume()
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;
+
        Ok(Empty::new())
    }

@@ -786,9 +759,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::WriteStreamRequest,
    ) -> ttrpc::Result<WriteStreamResponse> {
-        self.do_write_stream(req).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })
+        self.do_write_stream(req)
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))
    }

    fn read_stdout(
@@ -796,9 +768,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::ReadStreamRequest,
    ) -> ttrpc::Result<ReadStreamResponse> {
-        self.do_read_stream(req, true).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })
+        self.do_read_stream(req, true)
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))
    }

    fn read_stderr(
@@ -806,9 +777,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::ReadStreamRequest,
    ) -> ttrpc::Result<ReadStreamResponse> {
-        self.do_read_stream(req, false).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })
+        self.do_read_stream(req, false)
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))
    }

    fn close_stdin(
@@ -817,15 +787,15 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::CloseStdinRequest,
    ) -> ttrpc::Result<Empty> {
        let cid = req.container_id.clone();
-        let eid = req.exec_id.clone();
+        let eid = req.exec_id;
        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();

        let p = find_process(&mut sandbox, cid.as_str(), eid.as_str(), false).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(
+            ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
                format!("invalid argument: {:?}", e),
-            ))
+            )
        })?;

        if p.term_master.is_some() {
@@ -851,17 +821,14 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();
        let p = find_process(&mut sandbox, cid.as_str(), eid.as_str(), false).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(
+            ttrpc_error(
                ttrpc::Code::UNAVAILABLE,
                format!("invalid argument: {:?}", e),
-            ))
+            )
        })?;

        if p.term_master.is_none() {
-            return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::UNAVAILABLE,
-                "no tty".to_string(),
-            )));
+            return Err(ttrpc_error(ttrpc::Code::UNAVAILABLE, "no tty".to_string()));
        }

        let fd = p.term_master.unwrap();
@@ -874,12 +841,9 @@ impl protocols::agent_ttrpc::AgentService for agentService {
            };

            let err = libc::ioctl(fd, TIOCSWINSZ, &win);
-            Errno::result(err).map(drop).map_err(|e| {
-                ttrpc::Error::RpcStatus(ttrpc::get_status(
-                    ttrpc::Code::INTERNAL,
-                    format!("ioctl error: {:?}", e),
-                ))
-            })?;
+            Errno::result(err)
+                .map(drop)
+                .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, format!("ioctl error: {:?}", e)))?;
        }

        Ok(Empty::new())
@@ -891,13 +855,13 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::UpdateInterfaceRequest,
    ) -> ttrpc::Result<Interface> {
        if req.interface.is_none() {
-            return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
+            return Err(ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
-                format!("empty update interface request"),
-            )));
+                "empty update interface request".to_string(),
+            ));
        }

-        let interface = req.interface.clone();
+        let interface = req.interface;
        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();

@@ -910,10 +874,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        let iface = rtnl
            .update_interface(interface.as_ref().unwrap())
            .map_err(|e| {
-                ttrpc::Error::RpcStatus(ttrpc::get_status(
-                    ttrpc::Code::INTERNAL,
-                    format!("update interface: {:?}", e),
-                ))
+                ttrpc_error(ttrpc::Code::INTERNAL, format!("update interface: {:?}", e))
            })?;

        Ok(iface)
@@ -926,13 +887,13 @@ impl protocols::agent_ttrpc::AgentService for agentService {
    ) -> ttrpc::Result<Routes> {
        let mut routes = protocols::agent::Routes::new();
        if req.routes.is_none() {
-            return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
+            return Err(ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
-                format!("empty update routes request"),
-            )));
+                "empty update routes request".to_string(),
+            ));
        }

-        let rs = req.routes.clone().unwrap().Routes.into_vec();
+        let rs = req.routes.unwrap().Routes.into_vec();

        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();
@@ -944,12 +905,9 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        let rtnl = sandbox.rtnl.as_mut().unwrap();

        // get current routes to return when error out
-        let crs = rtnl.list_routes().map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                format!("update routes: {:?}", e),
-            ))
-        })?;
+        let crs = rtnl
+            .list_routes()
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, format!("update routes: {:?}", e)))?;

        let v = match rtnl.update_routes(rs.as_ref()) {
            Ok(value) => value,
@@ -975,12 +933,9 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        }

        let rtnl = sandbox.rtnl.as_mut().unwrap();
-        let v = rtnl.list_interfaces().map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                format!("list interface: {:?}", e),
-            ))
-        })?;
+        let v = rtnl
+            .list_interfaces()
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, format!("list interface: {:?}", e)))?;

        interface.set_Interfaces(RepeatedField::from_vec(v));

@@ -1002,12 +957,9 @@ impl protocols::agent_ttrpc::AgentService for agentService {

        let rtnl = sandbox.rtnl.as_mut().unwrap();

-        let v = rtnl.list_routes().map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                format!("list routes: {:?}", e),
-            ))
-        })?;
+        let v = rtnl
+            .list_routes()
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, format!("list routes: {:?}", e)))?;

        routes.set_Routes(RepeatedField::from_vec(v));

@@ -1055,19 +1007,17 @@ impl protocols::agent_ttrpc::AgentService for agentService {
                });
            }

-            if req.sandbox_id.len() > 0 {
+            if !req.sandbox_id.is_empty() {
                s.id = req.sandbox_id.clone();
            }

            for m in req.kernel_modules.iter() {
-                let _ = load_kernel_module(m).map_err(|e| {
-                    ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-                })?;
+                let _ = load_kernel_module(m)
+                    .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;
            }

-            s.setup_shared_namespaces().map_err(|e| {
-                ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-            })?;
+            s.setup_shared_namespaces()
+                .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;
        }

        match add_storages(sl!(), req.storages.to_vec(), self.sandbox.clone()) {
@@ -1076,30 +1026,20 @@ impl protocols::agent_ttrpc::AgentService for agentService {
                let mut s = sandbox.lock().unwrap();
                s.mounts = m
            }
-            Err(e) => {
-                return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                    ttrpc::Code::INTERNAL,
-                    e.to_string(),
-                )))
-            }
+            Err(e) => return Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
        };

        match setup_guest_dns(sl!(), req.dns.to_vec()) {
            Ok(_) => {
                let sandbox = self.sandbox.clone();
                let mut s = sandbox.lock().unwrap();
-                let _ = req
+                let _dns = req
                    .dns
                    .to_vec()
                    .iter()
                    .map(|dns| s.network.set_dns(dns.to_string()));
            }
-            Err(e) => {
-                return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                    ttrpc::Code::INTERNAL,
-                    e.to_string(),
-                )))
-            }
+            Err(e) => return Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
        };

        Ok(Empty::new())
@@ -1128,13 +1068,13 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::AddARPNeighborsRequest,
    ) -> ttrpc::Result<Empty> {
        if req.neighbors.is_none() {
-            return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
+            return Err(ttrpc_error(
                ttrpc::Code::INVALID_ARGUMENT,
-                format!("empty add arp neighbours request"),
-            )));
+                "empty add arp neighbours request".to_string(),
+            ));
        }

-        let neighs = req.neighbors.clone().unwrap().ARPNeighbors.into_vec();
+        let neighs = req.neighbors.unwrap().ARPNeighbors.into_vec();

        let s = Arc::clone(&self.sandbox);
        let mut sandbox = s.lock().unwrap();
@@ -1145,9 +1085,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {

        let rtnl = sandbox.rtnl.as_mut().unwrap();

-        rtnl.add_arp_neighbors(neighs.as_ref()).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })?;
+        rtnl.add_arp_neighbors(neighs.as_ref())
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;

        Ok(Empty::new())
    }
@@ -1160,9 +1099,9 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        let s = Arc::clone(&self.sandbox);
        let sandbox = s.lock().unwrap();

-        sandbox.online_cpu_memory(&req).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })?;
+        sandbox
+            .online_cpu_memory(&req)
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;

        Ok(Empty::new())
    }
@@ -1172,9 +1111,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::ReseedRandomDevRequest,
    ) -> ttrpc::Result<Empty> {
-        random::reseed_rng(req.data.as_slice()).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })?;
+        random::reseed_rng(req.data.as_slice())
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;

        Ok(Empty::new())
    }
@@ -1194,10 +1132,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
            }
            Err(e) => {
                info!(sl!(), "fail to get memory info!");
-                return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                    ttrpc::Code::INTERNAL,
-                    e.to_string(),
-                )));
+                return Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()));
            }
        }

@@ -1213,9 +1148,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::MemHotplugByProbeRequest,
    ) -> ttrpc::Result<Empty> {
-        do_mem_hotplug_by_probe(&req.memHotplugProbeAddr).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })?;
+        do_mem_hotplug_by_probe(&req.memHotplugProbeAddr)
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;

        Ok(Empty::new())
    }
@@ -1225,9 +1159,8 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::SetGuestDateTimeRequest,
    ) -> ttrpc::Result<Empty> {
-        do_set_guest_date_time(req.Sec, req.Usec).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })?;
+        do_set_guest_date_time(req.Sec, req.Usec)
+            .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;

        Ok(Empty::new())
    }
@@ -1237,9 +1170,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::CopyFileRequest,
    ) -> ttrpc::Result<Empty> {
-        do_copy_file(&req).map_err(|e| {
-            ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::INTERNAL, e.to_string()))
-        })?;
+        do_copy_file(&req).map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;

        Ok(Empty::new())
    }
@@ -1250,10 +1181,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        req: protocols::agent::GetMetricsRequest,
    ) -> ttrpc::Result<Metrics> {
        match get_metrics(&req) {
-            Err(e) => Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                ttrpc::Code::INTERNAL,
-                e.to_string(),
-            ))),
+            Err(e) => Err(ttrpc_error(ttrpc::Code::INTERNAL, e.to_string())),
            Ok(s) => {
                let mut metrics = Metrics::new();
                metrics.set_metrics(s);
@@ -1275,17 +1203,12 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        drop(sandbox);

        match event_rx.recv() {
-            Err(err) => {
-                return Err(ttrpc::Error::RpcStatus(ttrpc::get_status(
-                    ttrpc::Code::INTERNAL,
-                    err.to_string(),
-                )))
-            }
+            Err(err) => Err(ttrpc_error(ttrpc::Code::INTERNAL, err.to_string())),
            Ok(container_id) => {
                info!(sl!(), "get_oom_event return {}", &container_id);
                let mut resp = OOMEvent::new();
                resp.container_id = container_id;
-                return Ok(resp);
+                Ok(resp)
            }
        }
    }
@@ -1325,7 +1248,7 @@ fn get_memory_info(block_size: bool, hotplug: bool) -> Result<(u64, bool)> {
    if block_size {
        match fs::read_to_string(SYSFS_MEMORY_BLOCK_SIZE_PATH) {
            Ok(v) => {
-                if v.len() == 0 {
+                if v.is_empty() {
                    info!(sl!(), "string in empty???");
                    return Err(anyhow!("Invalid block size"));
                }
@@ -1404,7 +1327,7 @@ fn read_stream(fd: RawFd, l: usize) -> Result<Vec<u8>> {
        }
        Err(e) => match e {
            nix::Error::Sys(errno) => match errno {
-                Errno::EAGAIN => v.resize(0, 0),
+                Errno::EAGAIN => v.clear(),
                _ => return Err(anyhow!(nix::Error::Sys(errno))),
            },
            _ => return Err(anyhow!("read error")),
@@ -1422,13 +1345,13 @@ fn find_process<'a>(
 ) -> Result<&'a mut Process> {
    let ctr = sandbox
        .get_container(cid)
-        .ok_or(anyhow!("Invalid container id"))?;
+        .ok_or_else(|| anyhow!("Invalid container id"))?;

-    if init || eid == "" {
+    if init || eid.is_empty() {
        return ctr
            .processes
            .get_mut(&ctr.init_process_pid)
-            .ok_or(anyhow!("cannot find init process!"));
+            .ok_or_else(|| anyhow!("cannot find init process!"));
    }

    ctr.get_process(eid).map_err(|_| anyhow!("Invalid exec id"))
@@ -1478,7 +1401,7 @@ fn update_container_namespaces(
    let linux = spec
        .linux
        .as_mut()
-        .ok_or(anyhow!("Spec didn't container linux field"))?;
+        .ok_or_else(|| anyhow!("Spec didn't container linux field"))?;

    let namespaces = linux.namespaces.as_mut_slice();
    for namespace in namespaces.iter_mut() {
@@ -1492,8 +1415,10 @@ fn update_container_namespaces(
        }
    }
    // update pid namespace
-    let mut pid_ns = LinuxNamespace::default();
-    pid_ns.r#type = NSTYPEPID.to_string();
+    let mut pid_ns = LinuxNamespace {
+        r#type: NSTYPEPID.to_string(),
+        ..Default::default()
+    };

    // Use shared pid ns if useSandboxPidns has been set in either
    // the create_sandbox request or create_container request.
@@ -1546,7 +1471,7 @@ fn is_signal_handled(pid: pid_t, signum: u32) -> bool {
            }
        };
        if line.starts_with("SigCgt:") {
-            let mask_vec: Vec<&str> = line.split(":").collect();
+            let mask_vec: Vec<&str> = line.split(':').collect();
            if mask_vec.len() != 2 {
                warn!(sl!(), "parse the SigCgt field failed\n");
                return false;
@@ -1566,7 +1491,7 @@ fn is_signal_handled(pid: pid_t, signum: u32) -> bool {
    false
 }

-fn do_mem_hotplug_by_probe(addrs: &Vec<u64>) -> Result<()> {
+fn do_mem_hotplug_by_probe(addrs: &[u64]) -> Result<()> {
    for addr in addrs.iter() {
        fs::write(SYSFS_MEMORY_HOTPLUG_PROBE_PATH, format!("{:#X}", *addr))?;
    }
@@ -1579,8 +1504,12 @@ fn do_set_guest_date_time(sec: i64, usec: i64) -> Result<()> {
        tv_usec: usec,
    };

-    let ret =
-        unsafe { libc::settimeofday(&tv as *const libc::timeval, 0 as *const libc::timezone) };
+    let ret = unsafe {
+        libc::settimeofday(
+            &tv as *const libc::timeval,
+            std::ptr::null::<libc::timezone>(),
+        )
+    };

    Errno::result(ret).map(drop)?;

@@ -1596,8 +1525,8 @@ fn do_copy_file(req: &CopyFileRequest) -> Result<()> {

    let parent = path.parent();

-    let dir = if parent.is_some() {
-        parent.unwrap().to_path_buf()
+    let dir = if let Some(parent) = parent {
+        parent.to_path_buf()
    } else {
        PathBuf::from("/")
    };
@@ -1657,8 +1586,8 @@ fn setup_bundle(cid: &str, spec: &mut Spec) -> Result<PathBuf> {
    let spec_root = spec.root.as_ref().unwrap();

    let bundle_path = Path::new(CONTAINER_BASE).join(cid);
-    let config_path = bundle_path.clone().join("config.json");
-    let rootfs_path = bundle_path.clone().join("rootfs");
+    let config_path = bundle_path.join("config.json");
+    let rootfs_path = bundle_path.join("rootfs");

    fs::create_dir_all(&rootfs_path)?;
    BareMount::new(
@@ -1689,7 +1618,7 @@ fn setup_bundle(cid: &str, spec: &mut Spec) -> Result<PathBuf> {
 }

 fn load_kernel_module(module: &protocols::agent::KernelModule) -> Result<()> {
-    if module.name == "" {
+    if module.name.is_empty() {
        return Err(anyhow!("Kernel module name is empty"));
    }

@@ -1722,9 +1651,9 @@ fn load_kernel_module(module: &protocols::agent::KernelModule) -> Result<()> {
                "load_kernel_module return code: {} stdout:{} stderr:{}",
                code, std_out, std_err
            );
-            return Err(anyhow!(msg));
+            Err(anyhow!(msg))
        }
-        None => return Err(anyhow!("Process terminated by signal")),
+        None => Err(anyhow!("Process terminated by signal")),
    }
 }

@@ -1736,17 +1665,16 @@ mod tests {
    use std::sync::mpsc::{Receiver, Sender};
    use ttrpc::{MessageHeader, TtrpcContext};

-    fn mk_ttrpc_context() -> (TtrpcContext, Receiver<(MessageHeader, Vec<u8>)>) {
+    type Message = (MessageHeader, Vec<u8>);
+
+    fn mk_ttrpc_context() -> (TtrpcContext, Receiver<Message>) {
        let mh = MessageHeader::default();

-        let (tx, rx): (
-            Sender<(MessageHeader, Vec<u8>)>,
-            Receiver<(MessageHeader, Vec<u8>)>,
-        ) = channel();
+        let (tx, rx): (Sender<Message>, Receiver<Message>) = channel();

        let ctx = TtrpcContext {
            fd: -1,
-            mh: mh,
+            mh,
            res_tx: tx,
        };

@@ -1755,10 +1683,12 @@ mod tests {

    #[test]
    fn test_load_kernel_module() {
-        let mut m = protocols::agent::KernelModule::default();
+        let mut m = protocols::agent::KernelModule {
+            name: "module_not_exists".to_string(),
+            ..Default::default()
+        };

        // case 1: module not exists
-        m.name = "module_not_exists".to_string();
        let result = load_kernel_module(&m);
        assert!(result.is_err(), "load module should failed");

--- a/src/agent/src/sandbox.rs
+++ b/src/agent/src/sandbox.rs
@@ -3,7 +3,6 @@
 // SPDX-License-Identifier: Apache-2.0
 //

-//use crate::container::Container;
 use crate::linux_abi::*;
 use crate::mount::{get_mount_fs_type, remove_mounts, TYPEROOTFS};
 use crate::namespace::Namespace;
@@ -75,7 +74,7 @@ impl Sandbox {
            sender: None,
            rtnl: Some(RtnlHandle::new(NETLINK_ROUTE, 0).unwrap()),
            hooks: None,
-            event_rx: event_rx,
+            event_rx,
            event_tx: tx,
        })
    }
@@ -112,14 +111,14 @@ impl Sandbox {
    // acquiring a lock on sandbox.
    pub fn unset_sandbox_storage(&mut self, path: &str) -> Result<bool> {
        match self.storages.get_mut(path) {
-            None => return Err(anyhow!("Sandbox storage with path {} not found", path)),
+            None => Err(anyhow!("Sandbox storage with path {} not found", path)),
            Some(count) => {
                *count -= 1;
                if *count < 1 {
                    self.storages.remove(path);
                    return Ok(true);
                }
-                return Ok(false);
+                Ok(false)
            }
        }
    }
@@ -161,13 +160,13 @@ impl Sandbox {
    pub fn setup_shared_namespaces(&mut self) -> Result<bool> {
        // Set up shared IPC namespace
        self.shared_ipcns = Namespace::new(&self.logger)
-            .as_ipc()
+            .get_ipc()
            .setup()
            .context("Failed to setup persistent IPC namespace")?;

        // // Set up shared UTS namespace
        self.shared_utsns = Namespace::new(&self.logger)
-            .as_uts(self.hostname.as_str())
+            .get_uts(self.hostname.as_str())
            .setup()
            .context("Failed to setup persistent UTS namespace")?;

@@ -184,7 +183,7 @@ impl Sandbox {
        // This means a separate pause process has not been created. We treat the
        // first container created as the infra container in that case
        // and use its pid namespace in case pid namespace needs to be shared.
-        if self.sandbox_pidns.is_none() && self.containers.len() == 0 {
+        if self.sandbox_pidns.is_none() && self.containers.is_empty() {
            let init_pid = c.init_process_pid;
            if init_pid == -1 {
                return Err(anyhow!(
@@ -192,7 +191,7 @@ impl Sandbox {
                ));
            }

-            let mut pid_ns = Namespace::new(&self.logger).as_pid();
+            let mut pid_ns = Namespace::new(&self.logger).get_pid();
            pid_ns.path = format!("/proc/{}/ns/pid", init_pid);

            self.sandbox_pidns = Some(pid_ns);
@@ -216,7 +215,7 @@ impl Sandbox {
    }

    pub fn destroy(&mut self) -> Result<()> {
-        for (_, ctr) in &mut self.containers {
+        for ctr in self.containers.values_mut() {
            ctr.destroy()?;
        }
        Ok(())
@@ -233,14 +232,33 @@ impl Sandbox {
            online_memory(&self.logger)?;
        }

-        let cpuset = rustjail_cgroups::fs::get_guest_cpuset()?;
+        if req.nb_cpus == 0 {
+            return Ok(());
+        }
+
+        let guest_cpuset = rustjail_cgroups::fs::get_guest_cpuset()?;

        for (_, ctr) in self.containers.iter() {
+            let cpu = ctr
+                .config
+                .spec
+                .as_ref()
+                .unwrap()
+                .linux
+                .as_ref()
+                .unwrap()
+                .resources
+                .as_ref()
+                .unwrap()
+                .cpu
+                .as_ref();
+            let container_cpust = if let Some(c) = cpu { &c.cpus } else { "" };
+
            info!(self.logger, "updating {}", ctr.id.as_str());
            ctr.cgroup_manager
                .as_ref()
                .unwrap()
-                .update_cpuset_path(cpuset.as_str())?;
+                .update_cpuset_path(guest_cpuset.as_str(), &container_cpust)?;
        }

        Ok(())
@@ -332,7 +350,7 @@ fn online_resources(logger: &Logger, path: &str, pattern: &str, num: i32) -> Res
            }
            let c = c.unwrap();

-            if c.trim().contains("0") {
+            if c.trim().contains('0') {
                let r = fs::write(file.as_str(), "1");
                if r.is_err() {
                    continue;
@@ -393,7 +411,6 @@ fn online_memory(logger: &Logger) -> Result<()> {

 #[cfg(test)]
 mod tests {
-    //use rustjail::Error;
    use super::Sandbox;
    use crate::{mount::BareMount, skip_if_not_root};
    use anyhow::Error;
@@ -607,13 +624,16 @@ mod tests {
    }

    fn create_dummy_opts() -> CreateOpts {
-        let mut root = Root::default();
-        root.path = String::from("/");
+        let root = Root {
+            path: String::from("/"),
+            ..Default::default()
+        };

-        let linux = Linux::default();
-        let mut spec = Spec::default();
-        spec.root = Some(root).into();
-        spec.linux = Some(linux).into();
+        let spec = Spec {
+            linux: Some(Linux::default()),
+            root: Some(root),
+            ..Default::default()
+        };

        CreateOpts {
            cgroup_name: "".to_string(),
--- a/src/agent/src/test_utils.rs
+++ b/src/agent/src/test_utils.rs
@@ -2,6 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 //
+#![allow(clippy::module_inception)]

 #[cfg(test)]
 mod test_utils {
--- a/src/agent/src/uevent.rs
+++ b/src/agent/src/uevent.rs
@@ -51,7 +51,7 @@ impl Uevent {
        self.action == U_EVENT_ACTION_ADD
            && self.subsystem == "block"
            && self.devpath.starts_with(PCI_ROOT_BUS_PATH)
-            && self.devname != ""
+            && !self.devname.is_empty()
    }

    fn handle_block_add_event(&self, sandbox: &Arc<Mutex<Sandbox>>) {
--- a/src/runtime/.gitignore
+++ b/src/runtime/.gitignore
@@ -8,9 +8,7 @@ coverage.html
 /cli/config/configuration-acrn.toml
 /cli/config/configuration-clh.toml
 /cli/config/configuration-fc.toml
-/cli/config/configuration-nemu.toml
 /cli/config/configuration-qemu.toml
-/cli/config/configuration-qemu-virtiofs.toml
 /cli/config/configuration-clh.toml
 /cli/config-generated.go
 /cli/containerd-shim-kata-v2/config-generated.go
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -68,7 +68,7 @@ NETMON_TARGET = $(PROJECT_TYPE)-netmon
 NETMON_TARGET_OUTPUT = $(CURDIR)/$(NETMON_TARGET)
 BINLIBEXECLIST += $(NETMON_TARGET)

-DESTDIR := /
+DESTDIR ?= /

 ifeq ($(PREFIX),)
 PREFIX        := /usr
@@ -93,6 +93,9 @@ DEFAULTSDIR := $(SHAREDIR)/defaults
 COLLECT_SCRIPT = data/kata-collect-data.sh
 COLLECT_SCRIPT_SRC = $(COLLECT_SCRIPT).in

+# @RUNTIME_NAME@ should be replaced with the target in generated files
+RUNTIME_NAME = $(TARGET)
+
 GENERATED_FILES += $(COLLECT_SCRIPT)
 GENERATED_VARS = \
 		VERSION \
@@ -282,7 +285,7 @@ ifneq (,$(CLHCMD))
    DEFENABLEHUGEPAGES_CLH := true
    DEFNETWORKMODEL_CLH := tcfilter
    KERNELTYPE_CLH = uncompressed
-    KERNEL_NAME_CLH = $(call MAKE_KERNEL_VIRTIOFS_NAME,$(KERNELTYPE_CLH))
+    KERNEL_NAME_CLH = $(call MAKE_KERNEL_NAME,$(KERNELTYPE_CLH))
    KERNELPATH_CLH = $(KERNELDIR)/$(KERNEL_NAME_CLH)
 endif

@@ -600,8 +603,9 @@ $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
 	$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && ln -fs $(GENERATED_CONFIG))
 	$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ .)

-$(MONITOR_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
-	$(QUIET_BUILD)(cd $(MONITOR_DIR)/ && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ .)
+$(MONITOR_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) .git-commit
+	$(QUIET_BUILD)(cd $(MONITOR_DIR)/ && CGO_ENABLED=0 go build \
+		--ldflags "-X main.GitCommit=$(shell cat .git-commit)" $(BUILDFLAGS) -buildmode=exe -o $@ .)

 .PHONY: \
 	check \
@@ -634,7 +638,6 @@ go-test: $(GENERATED_FILES)
 	go test -v -mod=vendor ./...

 check-go-static:
-	$(QUIET_CHECK)../../ci/static-checks.sh
 	$(QUIET_CHECK)../../ci/go-no-os-exit.sh ./cli
 	$(QUIET_CHECK)../../ci/go-no-os-exit.sh ./virtcontainers

--- a/src/runtime/arch/amd64-options.mk
+++ b/src/runtime/arch/amd64-options.mk
@@ -12,9 +12,6 @@ CPUFEATURES := pmu=off

 QEMUCMD := qemu-system-x86_64

-# Qemu experimental with virtiofs
-QEMUVIRTIOFSCMD := qemu-virtiofs-system-x86_64
-
 # Firecracker binary name
 FCCMD := firecracker
 # Firecracker's jailer binary name
--- a/src/runtime/cli/config/configuration-acrn.toml.in
+++ b/src/runtime/cli/config/configuration-acrn.toml.in
@@ -113,7 +113,7 @@ block_device_driver = "@DEFBLOCKSTORAGEDRIVER_ACRN@"
 # lexicographical order, to the lifecycle of the guest container.
 # Hooks are executed in the runtime namespace of the guest. See the official documentation:
 # https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks
-# Warnings will be logged if any error is encountered will scanning for hooks,
+# Warnings will be logged if any error is encountered while scanning for hooks,
 # but it will not abort container execution.
 #guest_hook_path = "/usr/share/oci/hooks"

--- a/src/runtime/cli/config/configuration-clh.toml.in
+++ b/src/runtime/cli/config/configuration-clh.toml.in
@@ -115,6 +115,23 @@ block_device_driver = "virtio-blk"
 # Default false
 #enable_debug = true

+# Path to OCI hook binaries in the *guest rootfs*.
+# This does not affect host-side hooks which must instead be added to
+# the OCI spec passed to the runtime.
+#
+# You can create a rootfs with hooks by customizing the osbuilder scripts:
+# https://github.com/kata-containers/osbuilder
+#
+# Hooks must be stored in a subdirectory of guest_hook_path according to their
+# hook type, i.e. "guest_hook_path/{prestart,postart,poststop}".
+# The agent will scan these directories for executable files and add them, in
+# lexicographical order, to the lifecycle of the guest container.
+# Hooks are executed in the runtime namespace of the guest. See the official documentation:
+# https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks
+# Warnings will be logged if any error is encountered while scanning for hooks,
+# but it will not abort container execution.
+#guest_hook_path = "/usr/share/oci/hooks"
+#
 [agent.@PROJECT_TYPE@]
 # If enabled, make the agent display debug-level messages.
 # (default: disabled)
--- a/src/runtime/cli/config/configuration-qemu.toml.in
+++ b/src/runtime/cli/config/configuration-qemu.toml.in
@@ -305,7 +305,7 @@ valid_file_mem_backends = @DEFVALIDFILEMEMBACKENDS@
 # lexicographical order, to the lifecycle of the guest container.
 # Hooks are executed in the runtime namespace of the guest. See the official documentation:
 # https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks
-# Warnings will be logged if any error is encountered will scanning for hooks,
+# Warnings will be logged if any error is encountered while scanning for hooks,
 # but it will not abort container execution.
 #guest_hook_path = "/usr/share/oci/hooks"
 #
--- a/src/runtime/cli/kata-check.go
+++ b/src/runtime/cli/kata-check.go
@@ -63,7 +63,6 @@ const (
 	moduleParamDir        = "parameters"
 	successMessageCapable = "System is capable of running " + project
 	successMessageCreate  = "System can currently create " + project
-	successMessageVersion = "Version consistency of " + project + " is verified"
 	failMessage           = "System is not capable of running " + project
 	kernelPropertyCorrect = "Kernel property value correct"

@@ -389,7 +388,7 @@ EXAMPLES:
 		span, _ := katautils.Trace(ctx, "kata-check")
 		defer span.Finish()

-		if context.Bool("no-network-checks") == false && os.Getenv(noNetworkEnvVar) == "" {
+		if !context.Bool("no-network-checks") && os.Getenv(noNetworkEnvVar) == "" {
 			cmd := RelCmdCheck

 			if context.Bool("only-list-releases") {
--- a/src/runtime/cli/main.go
+++ b/src/runtime/cli/main.go
@@ -62,9 +62,6 @@ var originalLoggerLevel = logrus.WarnLevel

 var debug = false

-// if true, coredump when an internal error occurs or a fatal signal is received
-var crashOnError = false
-
 // concrete virtcontainer implementation
 var virtcontainersImpl = &vc.VCImpl{}

@@ -325,7 +322,6 @@ func beforeSubcommands(c *cli.Context) error {
 	}
 	if !subCmdIsCheckCmd {
 		debug = runtimeConfig.Debug
-		crashOnError = runtimeConfig.Debug

 		if traceRootSpan != "" {
 			// Create the tracer.
--- a/src/runtime/cli/main_test.go
+++ b/src/runtime/cli/main_test.go
@@ -8,7 +8,6 @@ package main
 import (
 	"bytes"
 	"context"
-	"encoding/json"
 	"errors"
 	"flag"
 	"fmt"
@@ -28,7 +27,6 @@ import (
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/compatoci"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/oci"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/vcmock"
-	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/assert"
 	jaeger "github.com/uber/jaeger-client-go"
@@ -43,10 +41,8 @@ const (
 	// small docker image used to create root filesystems from
 	testDockerImage = "busybox"

-	testSandboxID   = "99999999-9999-9999-99999999999999999"
-	testContainerID = "1"
-	testBundle      = "bundle"
-	testConsole     = "/dev/pts/999"
+	testBundle  = "bundle"
+	testConsole = "/dev/pts/999"
 )

 var (
@@ -386,44 +382,6 @@ func makeOCIBundle(bundleDir string) error {
 	return nil
 }

-func writeOCIConfigFile(spec specs.Spec, configPath string) error {
-	if configPath == "" {
-		return errors.New("BUG: need config file path")
-	}
-
-	bytes, err := json.MarshalIndent(spec, "", "\t")
-	if err != nil {
-		return err
-	}
-
-	return ioutil.WriteFile(configPath, bytes, testFileMode)
-}
-
-func newSingleContainerStatus(containerID string, containerState types.ContainerState, annotations map[string]string, spec *specs.Spec) vc.ContainerStatus {
-	return vc.ContainerStatus{
-		ID:          containerID,
-		State:       containerState,
-		Annotations: annotations,
-		Spec:        spec,
-	}
-}
-
-func execCLICommandFunc(assertHandler *assert.Assertions, cliCommand cli.Command, set *flag.FlagSet, expectedErr bool) {
-	ctx := createCLIContext(set)
-	ctx.App.Name = "foo"
-
-	fn, ok := cliCommand.Action.(func(context *cli.Context) error)
-	assertHandler.True(ok)
-
-	err := fn(ctx)
-
-	if expectedErr {
-		assertHandler.Error(err)
-	} else {
-		assertHandler.Nil(err)
-	}
-}
-
 func createCLIContextWithApp(flagSet *flag.FlagSet, app *cli.App) *cli.Context {
 	ctx := cli.NewContext(app, flagSet, nil)

--- a/src/runtime/cli/utils.go
+++ b/src/runtime/cli/utils.go
@@ -189,21 +189,3 @@ func constructVersionInfo(version string) VersionInfo {
 	}

 }
-
-func versionEqual(a VersionInfo, b VersionInfo) bool {
-	av, err := semver.Make(a.Semver)
-	if err != nil {
-		return false
-	}
-
-	bv, err := semver.Make(b.Semver)
-	if err != nil {
-		return false
-	}
-
-	if av.Major == bv.Major && av.Minor == bv.Minor && av.Patch == bv.Patch {
-		return true
-	}
-
-	return false
-}
--- a/src/runtime/cli/utils_arch_base.go
+++ b/src/runtime/cli/utils_arch_base.go
@@ -1,10 +0,0 @@
-// +build !s390x
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-package main
-
-func archConvertStatFs(cgroupFsType int) int64 {
-	return int64(cgroupFsType)
-}
--- a/src/runtime/cli/utils_s390x.go
+++ b/src/runtime/cli/utils_s390x.go
@@ -1,10 +0,0 @@
-// Copyright (c) 2018 IBM
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-package main
-
-func archConvertStatFs(cgroupFsType int) uint32 {
-	return uint32(cgroupFsType)
-}
--- a/src/runtime/containerd-shim-v2/create.go
+++ b/src/runtime/containerd-shim-v2/create.go
@@ -87,6 +87,12 @@ func create(ctx context.Context, s *service, r *taskAPI.CreateTaskRequest) (*con
 			return nil, err
 		}
 		s.sandbox = sandbox
+		pid, err := s.sandbox.GetHypervisorPid()
+		if err != nil {
+			return nil, err
+		}
+		s.hpid = uint32(pid)
+
 		go s.startManagementServer(ctx, ociSpec)

 	case vc.PodContainer:
--- a/src/runtime/containerd-shim-v2/delete.go
+++ b/src/runtime/containerd-shim-v2/delete.go
@@ -17,20 +17,21 @@ import (
 func deleteContainer(ctx context.Context, s *service, c *container) error {
 	if !c.cType.IsSandbox() {
 		if c.status != task.StatusStopped {
-			_, err := s.sandbox.StopContainer(c.id, false)
-			if err != nil {
+			if _, err := s.sandbox.StopContainer(c.id, false); err != nil && !isNotFound(err) {
 				return err
 			}
 		}

-		if _, err := s.sandbox.DeleteContainer(c.id); err != nil {
+		if _, err := s.sandbox.DeleteContainer(c.id); err != nil && !isNotFound(err) {
 			return err
 		}
 	}

 	// Run post-stop OCI hooks.
 	if err := katautils.PostStopHooks(ctx, *c.spec, s.sandbox.ID(), c.bundle); err != nil {
-		return err
+		// log warning and continue, as defined in oci runtime spec
+		// https://github.com/opencontainers/runtime-spec/blob/master/runtime.md#lifecycle
+		shimLog.WithError(err).Warn("Failed to run post-stop hooks")
 	}

 	if c.mounted {
--- a/src/runtime/containerd-shim-v2/service.go
+++ b/src/runtime/containerd-shim-v2/service.go
@@ -59,7 +59,10 @@ var (
 var vci vc.VC = &vc.VCImpl{}

 // shimLog is logger for shim package
-var shimLog = logrus.WithField("source", "containerd-kata-shim-v2")
+var shimLog = logrus.WithFields(logrus.Fields{
+	"source": "containerd-kata-shim-v2",
+	"name":   "containerd-shim-v2",
+})

 // New returns a new shim service that can be used via GRPC
 func New(ctx context.Context, id string, publisher events.Publisher) (cdshim.Shim, error) {
@@ -110,9 +113,12 @@ type service struct {
 	mu          sync.Mutex
 	eventSendMu sync.Mutex

-	// pid Since this shimv2 cannot get the container processes pid from VM,
-	// thus for the returned values needed pid, just return this shim's
+	// hypervisor pid, Since this shimv2 cannot get the container processes pid from VM,
+	// thus for the returned values needed pid, just return the hypervisor's
 	// pid directly.
+	hpid uint32
+
+	// shim's pid
 	pid uint32

 	ctx        context.Context
@@ -367,11 +373,11 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
 			Terminal: r.Terminal,
 		},
 		Checkpoint: r.Checkpoint,
-		Pid:        s.pid,
+		Pid:        s.hpid,
 	})

 	return &taskAPI.CreateTaskResponse{
-		Pid: s.pid,
+		Pid: s.hpid,
 	}, nil
 }

@@ -403,7 +409,7 @@ func (s *service) Start(ctx context.Context, r *taskAPI.StartRequest) (_ *taskAP
 		}
 		s.send(&eventstypes.TaskStart{
 			ContainerID: c.id,
-			Pid:         s.pid,
+			Pid:         s.hpid,
 		})
 	} else {
 		//start an exec
@@ -414,12 +420,12 @@ func (s *service) Start(ctx context.Context, r *taskAPI.StartRequest) (_ *taskAP
 		s.send(&eventstypes.TaskExecStarted{
 			ContainerID: c.id,
 			ExecID:      r.ExecID,
-			Pid:         s.pid,
+			Pid:         s.hpid,
 		})
 	}

 	return &taskAPI.StartResponse{
-		Pid: s.pid,
+		Pid: s.hpid,
 	}, nil
 }

@@ -446,7 +452,7 @@ func (s *service) Delete(ctx context.Context, r *taskAPI.DeleteRequest) (_ *task

 		s.send(&eventstypes.TaskDelete{
 			ContainerID: c.id,
-			Pid:         s.pid,
+			Pid:         s.hpid,
 			ExitStatus:  c.exit,
 			ExitedAt:    c.exitTime,
 		})
@@ -454,7 +460,7 @@ func (s *service) Delete(ctx context.Context, r *taskAPI.DeleteRequest) (_ *task
 		return &taskAPI.DeleteResponse{
 			ExitStatus: c.exit,
 			ExitedAt:   c.exitTime,
-			Pid:        s.pid,
+			Pid:        s.hpid,
 		}, nil
 	}
 	//deal with the exec case
@@ -468,7 +474,7 @@ func (s *service) Delete(ctx context.Context, r *taskAPI.DeleteRequest) (_ *task
 	return &taskAPI.DeleteResponse{
 		ExitStatus: uint32(execs.exitCode),
 		ExitedAt:   execs.exitTime,
-		Pid:        s.pid,
+		Pid:        s.hpid,
 	}, nil
 }

@@ -563,7 +569,7 @@ func (s *service) State(ctx context.Context, r *taskAPI.StateRequest) (_ *taskAP
 		return &taskAPI.StateResponse{
 			ID:         c.id,
 			Bundle:     c.bundle,
-			Pid:        s.pid,
+			Pid:        s.hpid,
 			Status:     c.status,
 			Stdin:      c.stdin,
 			Stdout:     c.stdout,
@@ -582,7 +588,7 @@ func (s *service) State(ctx context.Context, r *taskAPI.StateRequest) (_ *taskAP
 	return &taskAPI.StateResponse{
 		ID:         execs.id,
 		Bundle:     c.bundle,
-		Pid:        s.pid,
+		Pid:        s.hpid,
 		Status:     execs.status,
 		Stdin:      execs.tty.stdin,
 		Stdout:     execs.tty.stdout,
@@ -732,7 +738,7 @@ func (s *service) Pids(ctx context.Context, r *taskAPI.PidsRequest) (_ *taskAPI.
 	}()

 	pInfo := task.ProcessInfo{
-		Pid: s.pid,
+		Pid: s.hpid,
 	}
 	processes = append(processes, &pInfo)

@@ -804,7 +810,7 @@ func (s *service) Connect(ctx context.Context, r *taskAPI.ConnectRequest) (_ *ta
 	return &taskAPI.ConnectResponse{
 		ShimPid: s.pid,
 		//Since kata cannot get the container's pid in VM, thus only return the shim's pid.
-		TaskPid: s.pid,
+		TaskPid: s.hpid,
 	}, nil
 }

--- a/src/runtime/containerd-shim-v2/shim_management.go
+++ b/src/runtime/containerd-shim-v2/shim_management.go
@@ -65,8 +65,7 @@ func (s *service) serveMetrics(w http.ResponseWriter, r *http.Request) {
 	// encode the metrics
 	encoder := expfmt.NewEncoder(w, expfmt.FmtText)
 	for _, mf := range mfs {
-		if err := encoder.Encode(mf); err != nil {
-		}
+		encoder.Encode(mf)
 	}

 	// if using an old agent, only collect shim/sandbox metrics.
@@ -149,7 +148,7 @@ func (s *service) startManagementServer(ctx context.Context, ociSpec *specs.Spec

 	shimMgtLog.Info("kata management inited")

-	// bind hanlder
+	// bind handler
 	m := http.NewServeMux()
 	m.Handle("/metrics", http.HandlerFunc(s.serveMetrics))
 	m.Handle("/agent-url", http.HandlerFunc(s.agentURL))
--- a/src/runtime/containerd-shim-v2/shim_metrics.go
+++ b/src/runtime/containerd-shim-v2/shim_metrics.go
@@ -176,7 +176,7 @@ func calcOverhead(initialSandboxStats, finishSandboxStats vc.SandboxStats, initi
 	cpuUsageGuest := float64(guestFinalCPU-guestInitCPU) / deltaTime * 100
 	cpuUsageHost := float64(hostFinalCPU-hostInitCPU) / deltaTime * 100

-	return float64(hostMemoryUsage - guestMemoryUsage), float64(cpuUsageHost - cpuUsageGuest)
+	return float64(hostMemoryUsage - guestMemoryUsage), cpuUsageHost - cpuUsageGuest
 }

 func (s *service) getPodOverhead() (float64, float64, error) {
--- a/src/runtime/containerd-shim-v2/shim_metrics_test.go
+++ b/src/runtime/containerd-shim-v2/shim_metrics_test.go
@@ -96,7 +96,7 @@ func TestStatsSandbox(t *testing.T) {
 	sandbox.StatsFunc = getSandboxCPUFunc(2000, 110000)
 	sandbox.StatsContainerFunc = getStatsContainerCPUFunc(200, 400, 20000, 40000)

-	finishSandboxStats, finishContainersStats, err := s.statsSandbox()
+	finishSandboxStats, finishContainersStats, _ := s.statsSandbox()

 	// calc overhead
 	mem, cpu := calcOverhead(initialSandboxStats, finishSandboxStats, initialContainerStats, finishContainersStats, 1e9)
--- a/src/runtime/containerd-shim-v2/start.go
+++ b/src/runtime/containerd-shim-v2/start.go
@@ -52,7 +52,9 @@ func startContainer(ctx context.Context, s *service, c *container) error {
 		return katautils.PostStartHooks(ctx, *c.spec, s.sandbox.ID(), c.bundle)
 	})
 	if err != nil {
-		return err
+		// log warning and continue, as defined in oci runtime spec
+		// https://github.com/opencontainers/runtime-spec/blob/master/runtime.md#lifecycle
+		shimLog.WithError(err).Warn("Failed to run post-start hooks")
 	}

 	c.status = task.StatusRunning
--- a/src/runtime/containerd-shim-v2/utils.go
+++ b/src/runtime/containerd-shim-v2/utils.go
@@ -24,7 +24,7 @@ import (
 func cReap(s *service, status int, id, execid string, exitat time.Time) {
 	s.ec <- exit{
 		timestamp: exitat,
-		pid:       s.pid,
+		pid:       s.hpid,
 		status:    status,
 		id:        id,
 		execid:    execid,
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .0.0
 .0.4