mirror of https://github.com/kata-containers/kata-containers.git synced 2026-05-18 13:46:06 +00:00

Files

Fabiano Fidêncio bfcd249f40 image-builder: add erofs dm-verity support and lz4hc compression

Add full dm-verity and measured rootfs support to
create_erofs_rootfs_image(), bringing it to parity with the ext4 path.

Unlike ext4, which is a read-write filesystem mounted read-only by
convention, erofs is structurally read-only -- no journal, no write
metadata, no superblock write path.

This is a natural fit for dm-verity: erofs never attempts writes, so
verity never has to reject anything. With ext4, the kernel must skip
journal replay on verity-protected devices, which is a fragile
assumption.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>

2026-05-10 17:18:05 +02:00

Dockerfile

image-builder: add erofs dm-verity support and lz4hc compression

2026-05-10 17:18:05 +02:00

image_builder.sh

image-builder: add erofs dm-verity support and lz4hc compression

2026-05-10 17:18:05 +02:00

nsdax.gpl.c

osbuilder: move code into tools directory

2020-04-29 16:45:00 -05:00

README.md

docs: Remove table of contents

2021-07-30 10:58:22 +01:00

README.md

Kata Containers image generation

A Kata Containers disk image is generated using the image_builder.sh script. This uses a rootfs directory created by the rootfs-builder/rootfs.sh script.

Creating a guest OS image

To create a guest OS image run:

$ sudo ./image_builder.sh path/to/rootfs

Where path/to/rootfs is the directory populated by rootfs.sh.

Note

: If you are building an image from an Alpine rootfs, see the important note here.

Further information

For more information about usage (including how to adjust the size of the image), run:

$ ./image_builder.sh -h