mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-11-01 07:40:27 +00:00
497b07e57b
We don't actually build it here, we just use the alpine package, which is
already included in the linuxkit/alpine base.
Can be instantiated with a service stanza such as:
- name: qemu-ga
image: "linuxkit/qemu-ga:e5fbcf55926f6e1a96b3e49a392e547e8be1022c"
binds:
- /dev/vport0p1:/dev/vport0p1
The only functionality I've tested is to report IP addresses to the host (e.g.
via `virsh domifaddr`).
The image is configured to use `/dev/vport0p1` by default. If your VM image is
using a different port number then you can either incorporate the rename into
the bind ("/dev/vport1p1:/dev/vport0p1") or override the command with:
command: ["/usr/bin/qemu-ga", "-p", "/dev/vport1p1"]
The mdev tool appears to not create the symlinks which udev would provide
`/dev/virtio-ports/org.qemu.guest_agent.0` hence the need to hardcode the
potentially unstable `/dev/vportNp1`, `N` seems to depend on the number and
order of virtio devices in use. I don't know if it is possible to get mdev to
create these links. For reference the udev rule is:
SUBSYSTEM=="virtio-ports", KERNEL=="vport*", ATTR{name}=="?*", SYMLINK+="virtio-ports/$attr{name}"
See https://wiki.libvirt.org/page/Qemu_guest_agent for more info on the guest
agent.
A suitable stanza is added to `projects/swarmd/swarmd.yml` since that is where
I am using it.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Projects
We aim to provide a set of open spaces for collaboration to help move projects towards production. Projects should usually
at a minimum provide a README of how to get started using the project with Moby, and a roadmap document explaining what
the aims are and how to contribute. Most projects will probably provide a way to run the project in a custom Moby build
in its current state, which ideally will be integrated in the Moby CI so there are checks that it builds and runs. Over
time we hope that many projects will graduate into the recommended production defaults, but other projects may remain as
ongoing projects, such as kernel hardening.
If you want to create a project, please submit a pull request to create a new directory here.
Current projects
- Kernel Self Protection Project enhancements
- Mirage SDK privilege separation for userspace services
- Wireguard cryptographic enforced container network separation
- OKernel intra-kernel protection using EPT (HPE)
- eBPF iovisor eBPF tools
- AWS AWS build support
- Swarmd Standalone swarmkit based orchestrator
- Landlock LSM programmatic access control
- Clear Containers Clear Containers image
- Logging Experimental logging tools
- etcd cluster etcd cluster demo from DockerCon'17
- kernel-config an experiment on how to manage kernel config
- IMA-namespace patches for supporting per-mount-namespace IMA policies
Current projects not yet documented
- VMWare support (VMWare)
- ARM port and secure boot integration (ARM)