forked from kata-containers/kata-containers
Adapt code for vanilla Kata #154
Merged
This fixes the below error when attempting to access the debug console when all debug_console_enabled=true and all 3 enable_debug options are true:

level=error msg="error create pseudo tty" error="open /dev/ptmx: operation not permitted"

Signed-off-by: Aurelien Bombo <[email protected]>
Doesn't make sense for non-TEEs and was only a remnant of cc-msft-prototypes. This will have to be taken into account in microsoft/azurelinux#6942.

[upstream-merged] Already done this way upstream.

Signed-off-by: Aurélien Bombo <[email protected]>
4be2127 to fb4c887
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 24, 2024
* Requires the new Rust virtiofsd 1.8.0.
* Removes all patches. See microsoft/kata-containers#122 (comment) for a discussion. Since then, the memory patch was included in msft-main and patch 0004 is included in microsoft/kata-containers#154.
* Cleans up runtime make flags:
  * The following were redundant as we were setting the default:
    * DEFSHAREDFS
    * DEFVIRTIOFSCACHESIZE
    * DEFSANDBOXCGROUPONLY
    * DEFSTATICRESOURCEMGMT_CLH
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 24, 2024
* Requires the new Rust virtiofsd 1.8.0.
* Removes all patches. See microsoft/kata-containers#122 (comment) for a discussion. Since then, the memory patch was included in msft-main and patch 0004 is included in microsoft/kata-containers#154.
* Cleans up runtime make flags:
  * Set DEFVIRTIOFSDAEMON to the Rust binary path.
  * The following were redundant as we were setting the default:
    * DEFSHAREDFS (now DEFSHAREDFS_CLH_VIRTIOFS)
    * DEFVIRTIOFSCACHESIZE
    * DEFSANDBOXCGROUPONLY
    * DEFSTATICRESOURCEMGMT_CLH
  * The following were referring to macros that do not have a value:
    * QEMUPATH
    * MACHINETYPE
  * FEATURE_SELINUX does not exist in the Kata source code.
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 24, 2024
* Removes all patches. See microsoft/kata-containers#122 (comment) for a discussion. Since then, the memory patch was included in msft-main and patch 0004 is included in microsoft/kata-containers#154.
* Requires the new Rust virtiofsd 1.8.0.
* Adds BuildRequires for devmapper code paths in msft-main.
* Cleans up runtime make flags:
  * Set DEFVIRTIOFSDAEMON to the Rust binary path.
  * The following were redundant as we were setting the default:
    * DEFSHAREDFS (now DEFSHAREDFS_CLH_VIRTIOFS)
    * DEFVIRTIOFSCACHESIZE
    * DEFSANDBOXCGROUPONLY
    * DEFSTATICRESOURCEMGMT_CLH
  * The following were referring to macros that do NOT expand to a value:
    * QEMUPATH
    * MACHINETYPE
  * FEATURE_SELINUX does not exist in the Kata source code.
  * DEFENABLEANNOTATIONS should not be set to ".*".
* Ensures sed doesn't break symlinks. For configuration.toml, sed would convert that file from a symlink to a regular file, so it'd become out of sync with configuration-clh.toml. rootfs.sh isn't a symlink but added the flag as well for good measure.
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 24, 2024
* Cleans up runtime make flags:
  * Set DEFVIRTIOFSDAEMON to the Rust binary path.
  * The following were redundant as we were setting the default:
    * DEFSHAREDFS (now DEFSHAREDFS_CLH_VIRTIOFS)
    * DEFVIRTIOFSCACHESIZE
    * DEFSANDBOXCGROUPONLY
    * DEFSTATICRESOURCEMGMT_CLH
  * The following were referring to macros that do NOT expand to a value:
    * QEMUPATH
    * MACHINETYPE
  * FEATURE_SELINUX does not exist in the Kata source code.
  * DEFENABLEANNOTATIONS should not be set to ".*".
* Removes all patches. See microsoft/kata-containers#122 (comment) for a discussion. Since then, the memory patch was included in msft-main and patch 0004 is included in microsoft/kata-containers#154.
* Adds BuildRequires for devmapper code paths in msft-main.
* Requires the new Rust virtiofsd 1.8.0.
* Ensures sed doesn't break symlinks. For configuration.toml, sed would convert that file from a symlink to a regular file, so it'd become out of sync with configuration-clh.toml. rootfs.sh isn't a symlink but added the flag as well for good measure.
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 24, 2024
* Cleans up runtime make flags:
  * Set DEFVIRTIOFSDAEMON to the Rust binary path.
  * The following were redundant as we were setting the default:
    * DEFSHAREDFS (now DEFSHAREDFS_CLH_VIRTIOFS)
    * DEFVIRTIOFSCACHESIZE
    * DEFSANDBOXCGROUPONLY
    * DEFSTATICRESOURCEMGMT_CLH
  * The following were referring to macros that do NOT expand to a value:
    * QEMUPATH
    * MACHINETYPE
  * FEATURE_SELINUX does not exist in the Kata source code.
  * DEFENABLEANNOTATIONS should not be set to ".*".
* Removes all patches. See microsoft/kata-containers#122 (comment) for a discussion. Since then, the memory patch was included in msft-main and patch 0004 is included in microsoft/kata-containers#154.
* Adds BuildRequires for devmapper code paths in msft-main.
* Requires the new Rust virtiofsd 1.8.0.
* Ensures sed doesn't break symlinks. For configuration.toml, sed would convert that file from a symlink to a regular file, so it'd become out of sync with configuration-clh.toml. rootfs.sh isn't a symlink but added the flag as well for good measure.
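
The sed/symlink behaviour that commit message describes, as an added example that is not part of this PR or of the azurelinux spec. It assumes the unnamed flag is GNU sed's `--follow-symlinks`; the file names mirror the commit message and the file contents are constructed.

```shell
#!/bin/sh
# Constructed demo; requires GNU sed (--follow-symlinks is a GNU extension).

# Build a scratch directory holding a real config file and a symlink alias,
# mirroring configuration.toml -> configuration-clh.toml.
make_fixture() {
    local dir
    dir=$(mktemp -d)
    printf 'enable_debug = false\n' > "$dir/configuration-clh.toml"
    ln -s configuration-clh.toml "$dir/configuration.toml"
    printf '%s\n' "$dir"
}

# Edit in place through the symlink, passing any extra sed flags given, then
# report what the alias is now and which value the real file holds.
edit_via_symlink() {
    local dir kind target_value
    dir=$(make_fixture)
    sed -i "$@" 's/^enable_debug = false$/enable_debug = true/' \
        "$dir/configuration.toml"
    if [ -L "$dir/configuration.toml" ]; then kind=symlink; else kind=regular; fi
    target_value=$(sed -n 's/^enable_debug = //p' "$dir/configuration-clh.toml")
    rm -rf "$dir"
    printf '%s target=%s\n' "$kind" "$target_value"
}

# Plain -i writes a temporary file and renames it over the symlink itself,
# so the alias becomes a regular file and the real config never sees the edit.
plain_result() { edit_via_symlink; }

# --follow-symlinks edits the file the link points to and keeps the link.
followed_result() { edit_via_symlink --follow-symlinks; }

echo "sed -i:                   $(plain_result)"
echo "sed -i --follow-symlinks: $(followed_result)"
```

A packaging check for this drift is `[ -L configuration.toml ]` after the build's sed steps have run.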
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 25, 2024
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 25, 2024
When the rootfs is built with AGENT_POLICY=no, the build fails at line 36 for us, since our package build does not have access to the entire source at once. Rather, we only copy the directories that we think we'll need (and we missed that one). TBA in a future packaging change.

[upstream-not-needed] Upstream isn't affected as they build with the whole code base.

Signed-off-by: Aurelien Bombo <[email protected]>
7729400 to b4ab11d
sprt added a commit to microsoft/azurelinux that referenced this pull request Jan 31, 2024
danmihai1 approved these changes Jan 31, 2024
manuelh-dev approved these changes Jan 31, 2024
fcf3b08 to b4ab11d
Fixes a remnant of cc-msft-prototypes. This will require a change in the kata-containers-cc spec.

[upstream-not-needed]

Signed-off-by: Aurelien Bombo <[email protected]>
sprt added a commit to microsoft/azurelinux that referenced this pull request Feb 12, 2024
Merge Checklist
upstream-missing label (or upstream-not-needed) has been set on the PR.
Summary
Turns out we can start vanilla Kata pods pretty much out of the box with msft-main. This PR just tweaks the vanilla config file and patches the runtime to unblock the debug console. I'm surprised we still need the runtime change, but I've verified the debug console doesn't work without that patch.
See microsoft/azurelinux#6942 for specs changes.
Test Methodology