Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

host-ctr: Unmask /sys/firmware from host containers #2573

Merged
merged 1 commit into from
Nov 15, 2022
Merged

host-ctr: Unmask /sys/firmware from host containers #2573

merged 1 commit into from
Nov 15, 2022

Conversation

jpculp
Copy link
Member

@jpculp jpculp commented Nov 12, 2022
edited
Loading

Description of changes:

This provides extra insight into the hardware of the underlying Bottlerocket host, such as the number of CPU sockets on aarch64 variants.

NOTE: List of masked paths come's from containerd's oci/spec.go.

Testing done:

Built and launched an aarch64 k8s variant on a c6g.large and ran lscpu from the control container.

Architecture:           aarch64
  CPU op-mode(s):       32-bit, 64-bit
  Byte Order:           Little Endian
CPU(s):                 2
  On-line CPU(s) list:  0,1
Vendor ID:              ARM
  Model name:           Neoverse-N1
    Model:              1
    Thread(s) per core: 1
    Core(s) per socket: 2
    Socket(s):          1
    Stepping:           r3p1
    BogoMIPS:           243.75
    Flags:              fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid
                         asimdrdm lrcpc dcpop asimddp ssbs

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@jpculp
Copy link
Member Author

jpculp commented Nov 14, 2022

Added the reference for masked paths into the code.

@jpculp jpculp marked this pull request as ready for review November 14, 2022 22:48
bcressey
bcressey approved these changes Nov 14, 2022
View reviewed changes
sources/host-ctr/cmd/host-ctr/main.go Outdated
@@ -288,6 +288,20 @@ func runCtr(containerdSocket string, namespace string, containerID string, sourc
oci.WithHostNamespace(runtimespec.NetworkNamespace),
oci.WithHostHostsFile,
oci.WithHostResolvconf,
// Unmask `/sys/firmware` by passing an alternate list of masked paths
// List is based on the DefaultUnixSpec's MaskedPaths for Linux
// (https://github.com/containerd/containerd/blob/main/oci/spec.go)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: a permalink to the exact MaskedPaths list would be preferable, in case that list gets refactored out of the file

@jpculp
host-ctr: Unmask /sys/firmware from host containers
f4c1899 
This provides extra insight into the hardware of the underlying
Bottlerocket host, such as the number of CPU sockets on aarch64
variants.
@jpculp
Copy link
Member Author

jpculp commented Nov 14, 2022

Pinned the comment to the commit the masked paths were based on.

@jpculp jpculp requested a review from bcressey November 14, 2022 23:02
@jpculp jpculp merged commit 0643430 into bottlerocket-os:develop Nov 15, 2022
@jpculp jpculp deleted the unmask-sys-firmware branch November 15, 2022 00:03
@jpculp jpculp mentioned this pull request Dec 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yeazelm yeazelm yeazelm left review comments

@bcressey bcressey bcressey approved these changes

@rpkelly rpkelly rpkelly approved these changes

@webern webern webern approved these changes

@markusboehme markusboehme Awaiting requested review from markusboehme

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jpculp @bcressey @rpkelly @webern @yeazelm