Previously, the control plane was using HTTP client/server, that various people
found way too complex to run in a privileged container (for very good reasons).
So switching to a simpler binary protocol, using c-like structures. Will
probably switch to an other serialization protocol later (eg. protobuf
or cap-n-proto).
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
The new hiearchy is:
- pkg/{init,mirage-compile}: additional Moby packages
- src/sdk -> the begining of the MirageOS SDK for Moby
- src/dhcp-client -> the code for the MirageOS dhcp-client service
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
Today the SDK only contains helper code to create secure Moby services based on
MirageOS. Today the SDK only defines the architecture and the communication
pipes between the privileged service and the calf; the proper communication
API will be specified after we have a few more use-cases.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
The aim of the split kernel is to introduce a level of intra-kernel
protection into the kernel so that, amongst other things, it can
offer lifetime guarantees over kernel code and data integrity.
These patches only wire in the kernel build from a 4.11-rc3 snapshot.
The userspace tools will follow shortly. Instructions came via
https://github.com/linux-okernel/linux-okernel (linux-okernel branch)
and via @edwards-n and @t-koulouris.
The build can be done via `cd projects/okernel && make`.
Signed-off-by: Anil Madhavapeddy <anil@docker.com>
For 4.9.18 and 4.10.6 cherry-picked the VMBus leak fix
from Linus' tree instead of char-misc.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Split the bits which can be re-used in other services (e.g. init dance
and the server-side of the control path). `main.ml` now only contains what
is specific to the DHCP logic (+ the /caf directory).
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
Plus a few more minor improvements:
- compile with jbuilder.
- start working on the control path.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
Unused. This should not affect anything, and I didnt actually bump
the kernel version; am working on te build in CI for this...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
docker-compose and other utilities use the .yml extension.
For consistency rename all .yaml to .yml
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- now supports image pull and run end to end
- update runc to last version before spec update fix#1302
- remove ext2 utils from init
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- The tools directory ideally should not contain source code
- Removes double vendoring of packagages
- Makes it easer to hook the build into the top-level Makefile
Eventually, the plugin should be moved to the infrakit repo.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
