Fixes CVE-2019-12068

fixes #2388

shortlog:
99c5874a9b Update version for 4.1.1 release
e092a17d38 mirror: Keep mirror_top_bs drained after dropping permissions
088f1e8fd9 block/create: Do not abort if a block driver is not available
145b562990 vhost: Fix memory region section comparison
42b6571357 memory: Provide an equality function for MemoryRegionSections
c0aca9352d memory: Align MemoryRegionSections fields
54c130493c tests: make filemonitor test more robust to event ordering
3d018ff3bd block: posix: Always allocate the first block
f0d3fa265d file-posix: Handle undetectable alignment
7db05c8a73 block/file-posix: Let post-EOF fallocate serialize
d9b88f7e0d block: Add bdrv_co_get_self_request()
590cff8230 block: Make wait/mark serialising requests public
2e2ad02f2c block/io: refactor padding
b3b76fc643 util/iov: improve qemu_iovec_is_zero
cff024fe85 util/iov: introduce qemu_iovec_init_extended
40df4a1bf7 qcow2-bitmap: Fix uint64_t left-shift overflow
b156178553 iotests: Add peek_file* functions
15f5e8c367 iotests: Add test for 4G+ compressed qcow2 write
405deba14f qcow2: Fix QCOW2_COMPRESSED_SECTOR_MASK
01be50603b virtio-blk: Cancel the pending BH when the dataplane is reset
051c9b3cbc scsi: lsi: exit infinite loop while executing script (CVE-2019-12068)
b387531323 target/xtensa: regenerate and re-import test_mmuhifi_c3 core
cdc6896659 target/arm: Allow reading flags from FPSCR for M-profile
c0b35d87de hbitmap: handle set/reset with zero length
fcd7cba6ac util/hbitmap: strict hbitmap_reset
aea18ef938 COLO-compare: Fix incorrect `if` logic
4887acf574 virtio-net: prevent offloads reset on migration
8010d3fce0 virtio: new post_load hook
6705b9344f ui: Fix hanging up Cocoa display on macOS 10.15 (Catalina)
c0e2fbf124 mirror: Do not dereference invalid pointers
b077ac637d iotests: Test large write request to qcow2 file
9e51c5306c qcow2: Limit total allocation range to INT_MAX
aae0faa5d3 hw/core/loader: Fix possible crash in rom_copy()
7b404cae7f vhost-user: save features if the char dev is closed
d868d30db6 iotests: Test internal snapshots with -blockdev
7a8aa6c734 block/snapshot: Restrict set of snapshot nodes
331c08d300 s390: PCI: fix IOMMU region init
fc5afb1a92 roms/Makefile.edk2: don't pull in submodules when building from tarball
c5c9b1362d make-release: pull in edk2 submodules so we can build it from tarballs
220816989c hw/arm/boot.c: Set NSACR.{CP11,CP10} for NS kernel boots
783e7eb52c block/backup: fix backup_cow_with_offload for last cluster
e01ed1a1ae block/backup: fix max_transfer handling for copy_range
416a692e51 qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation()
e9bb3d942e coroutine: Add qemu_co_mutex_assert_locked()
84f22c7285 block/qcow2: Fix corruption introduced by commit 8ac0f15f335
86b0f4022b blockjob: update nodes head while removing all bdrv
2d86df1f78 curl: Handle success in multi_check_completion
18e1b71937 curl: Report only ready sockets
0888ddac8e curl: Pass CURLSocket to curl_multi_do()
4be97ef966 curl: Check completion in curl_multi_do()
78ea94e389 curl: Keep *socket until the end of curl_sock_cb()
3648493495 curl: Keep pointer to the CURLState in CURLSocket
0694c489cd block/nfs: tear down aio before nfs_close
c9ffb12754 qcow2: Fix the calculation of the maximum L2 cache size
28a9a3558a libvhost-user: fix SLAVE_SEND_FD handling
9027d3fba6 target/arm: Don't abort on M-profile exception return in linux-user mode
38fb634853 target/arm: Free TCG temps in trans_VMOV_64_sp()
ad95e0573e iotests: Test blockdev-create for vpc
593beeaf81 iotests: Restrict nbd Python tests to nbd
eee776fbc0 iotests: Restrict file Python tests to file
819ba23575 iotests: Add supported protocols to execute_test()
4d9bdd3149 iotests: add testing shim for script-style python tests
97c478c355 vpc: Return 0 from vpc_co_create() on success
725dfa851f x86: do not advertise die-id in query-hotpluggbale-cpus if '-smp dies' is not set
57fdf4a13f pr-manager: Fix invalid g_free() crash bug
3361d03ff0 iotests: Test reverse sub-cluster qcow2 writes
6f1a94035b block/file-posix: Reduce xfsctl() use
c12adfd8f6 xen-bus: check whether the frontend is active during device reset...
b6cedc911e xen-bus: Fix backend state transition on device reset
7ebcd375ad pc: Don't make die-id mandatory unless necessary
4bfd496be3 target/alpha: fix tlb_fill trap_arg2 value for instruction fetch
499a5d6bb4 s390x/tcg: Fix VERIM with 32/64 bit elements
73a5bf4729 Revert "ide/ahci: Check for -ECANCELED in aio callbacks"
fbde196c30 dma-helpers: ensure AIO callback is invoked after cancellation

Signed-off-by: Julio Montes <julio.montes@intel.com>
Runtime
This repository contains the runtime for the Kata Containers project.
For details of the other Kata Containers repositories, see the repository summary.
- Introduction
- License
- Platform support
- Download and install
- Quick start for developers
- Architecture overview
- Configuration
- Logging
- Debugging
- Limitations
- Community
- Further information
- Additional packages
Introduction
kata-runtime, referred to as "the runtime", is the Command-Line Interface
(CLI) part of the Kata Containers runtime component. It leverages the
virtcontainers package to provide a high-performance standards-compliant runtime that creates
hardware-virtualized Linux containers running on Linux hosts.
The runtime is OCI-compatible, CRI-O-compatible, and Containerd-compatible, allowing it to work seamlessly with both Docker and Kubernetes.
License
The code is licensed under an Apache 2.0 license.
See the license file for further details.
Platform support
Kata Containers currently works on systems supporting the following technologies:
- Intel VT-x technology.
- ARM Hyp mode (virtualization extension).
- IBM Power Systems.
- IBM Z mainframes.
Hardware requirements
The runtime has a built-in command to determine if your host system is capable of running and creating a Kata Container:
$ kata-runtime kata-check
Note:
- By default, only a brief success / failure message is printed. If more details are needed, the --verbose flag can be used to display the list of all the checks performed.
- root permission is needed to check if the system is capable of running Kata containers. In this case, additional checks are performed (e.g., if another incompatible hypervisor is running).
Download and install
See the installation guides available for various operating systems.
Quick start for developers
See the developer guide.
Architecture overview
See the architecture overview for details on the Kata Containers design.
Configuration
The runtime uses a TOML format configuration file called configuration.toml.
The file contains comments explaining all options.
Note:
The initial values in the configuration file provide a good default configuration. You might need to modify this file if you have specialist needs.
Since the runtime supports a stateless system,
it checks for this configuration file in multiple locations, two of which are
built in to the runtime. The default location is
/usr/share/defaults/kata-containers/configuration.toml for a standard
system. However, if /etc/kata-containers/configuration.toml exists, this
takes priority.
The command below lists the full paths to the configuration files that the runtime attempts to load. The first path that exists is used:
$ kata-runtime --kata-show-default-config-paths
Aside from the built-in locations, it is possible to specify the path to a
custom configuration file using the --kata-config option:
$ kata-runtime --kata-config=/some/where/configuration.toml ...
The runtime will log the full path to the configuration file it is using. See the logging section for further details.
To see details of your system's runtime environment (including the location of the configuration file being used), run:
$ kata-runtime kata-env
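The lookup rule described above ("the first path that exists is used") can be checked on a host with a short script. This is an added example, not code from the Kata Containers project: the function names and the group/world-writable permission check are assumptions of the example, and the candidate paths are expected to come from kata-runtime --kata-show-default-config-paths.

```shell
#!/bin/sh
# Added example (not Kata Containers code). Candidate paths are passed in
# priority order, for instance the output of:
#   kata-runtime --kata-show-default-config-paths

# Print the first candidate that exists as a regular file; return 1 if none.
effective_config() {
    for candidate in "$@"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Return 0 if the file is writable by group or others, judged from the
# ten-character mode string printed by ls (e.g. "-rw-rw-r--").
loosely_writable() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Report which file would be used and whether its permissions need tightening.
# Exit status: 0 = fine, 1 = loosely writable, 2 = no file found.
audit_config() {
    chosen=$(effective_config "$@") || {
        echo "no configuration file found"
        return 2
    }
    if loosely_writable "$chosen"; then
        echo "WARN $chosen is writable by group or others"
        return 1
    fi
    echo "OK $chosen"
}

# Run the audit when candidate paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_config "$@"
fi
```

A file in /etc/kata-containers shadows the packaged default, so the audit reports the path that actually takes effect rather than the one shipped in /usr/share/defaults.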
Logging
The runtime provides --log= and --log-format= options. However, the
runtime always logs to the system log (syslog or journald).
To view runtime log output:
$ sudo journalctl -t kata-runtime
For detailed information and analysis on obtaining logs for other system
components, see the documentation for the kata-log-parser tool.
Debugging
See the debugging section of the developer guide.
Limitations
See the limitations file for further details.
Community
Contact
See how to reach the community.
Further information
See the project table of contents and the documentation repository.
Additional packages
For details of the other packages contained in this repository, see the package documentation.