kata: 3.9.0 -> 3.10.1 #970

Merged
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From a6c6d12b6e067c5bbd193c6dde3e1deb4700e33d Mon Sep 17 00:00:00 2001
From 099fd9159c03561ed738dacb370d18183f8601aa Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <[email protected]>
Date: Fri, 5 Jul 2024 08:43:13 +0000
Subject: [PATCH] govmm: Directly pass the firwmare using -bios with SNP
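Review bot: The Subject line of this patch header misspells "firmware" as "firwmare". The From hash changes in this hunk, so the patch was regenerated for the bump anyway; correct the spelling in the commit subject at the same time so that a search for "firmware" across the patch set finds this patch.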
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From 8086c7a042bcf54ee739c683588a5db6ffd26acd Mon Sep 17 00:00:00 2001
From b73c887c4b00d58b1a9bf403c5b2d05b02574731 Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <[email protected]>
Date: Mon, 8 Jul 2024 07:35:54 +0000
Subject: [PATCH] emulate CPU model that most closely matches the host
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From 9213830793a4a8fc04bdd063c8746d41b6bca4f6 Mon Sep 17 00:00:00 2001
From d3bc2eb74a14272afb10d20c63e4d938538acbfe Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <[email protected]>
Date: Mon, 8 Jul 2024 07:51:20 +0000
Subject: [PATCH] runtime: agent: verify the agent policy hash
Expand All @@ -18,7 +18,7 @@ the Agent has the expected contents.
Signed-off-by: Dan Mihai <[email protected]>
Signed-off-by: Tom Dohrmann <[email protected]>
---
src/agent/Cargo.lock | 98 +++++++++
src/agent/Cargo.lock | 101 +++++++++
src/agent/Cargo.toml | 7 +-
src/agent/src/main.rs | 4 +
src/agent/src/policy.rs | 46 ++++-
Expand All @@ -37,12 +37,12 @@ Signed-off-by: Tom Dohrmann <[email protected]>
src/runtime/virtcontainers/qemu_s390x.go | 2 +-
src/runtime/virtcontainers/qemu_s390x_test.go | 51 ++++-
src/runtime/virtcontainers/sandbox.go | 1 +
19 files changed, 674 insertions(+), 40 deletions(-)
19 files changed, 677 insertions(+), 40 deletions(-)
create mode 100644 src/agent/src/sev.rs
create mode 100644 src/agent/src/tdx.rs

diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index f55144570..6c9342ddb 100644
index f55144570..8cf40f7ec 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -542,6 +542,12 @@ version = "0.6.3"
Expand Down Expand Up @@ -210,7 +210,17 @@ index f55144570..6c9342ddb 100644
[[package]]
name = "sha1"
version = "0.10.6"
@@ -6370,6 +6458,16 @@ version = "0.9.4"
@@ -6351,6 +6439,9 @@ name = "uuid"
version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
+dependencies = [
+ "serde",
+]

[[package]]
name = "valuable"
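Review bot: The regenerated Cargo.lock hunk for uuid 1.10.0 now adds a dependencies entry listing "serde" that the previous version of this patch did not carry, and the diffstat for src/agent/Cargo.lock grows from 98 to 101 lines to match. Please state in the PR description whether this entry comes from the 3.10.1 base or from a dependency this patch adds in src/agent/Cargo.toml, and confirm the lock file was produced by cargo rather than edited by hand, so the extra edge in the agent's dependency tree is a recorded, deliberate change.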
@@ -6370,6 +6461,16 @@ version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"

Expand Down Expand Up @@ -253,7 +263,7 @@ index a8ed5d081..d5b3db965 100644

[[bin]]
diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs
index 88a5ec01a..9e98794d4 100644
index 8a057bb36..22d858c10 100644
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -85,6 +85,10 @@ mod tracer;
Expand Down Expand Up @@ -621,10 +631,10 @@ index b3b3fb4bd..5070ecd1e 100644

return tdxObject.String()
diff --git a/src/runtime/virtcontainers/hypervisor.go b/src/runtime/virtcontainers/hypervisor.go
index 853ad4d5b..c47029e1d 100644
index 5eb922980..0e5205cc9 100644
--- a/src/runtime/virtcontainers/hypervisor.go
+++ b/src/runtime/virtcontainers/hypervisor.go
@@ -559,7 +559,7 @@ type HypervisorConfig struct {
@@ -545,7 +545,7 @@ type HypervisorConfig struct {
// NumVCPUs specifies default number of vCPUs for the VM.
NumVCPUsF float32

Expand All @@ -633,7 +643,7 @@ index 853ad4d5b..c47029e1d 100644
DefaultMaxVCPUs uint32

// DefaultMem specifies default memory size in MiB for the VM.
@@ -687,6 +687,10 @@ type HypervisorConfig struct {
@@ -673,6 +673,10 @@ type HypervisorConfig struct {

// Initdata defines the initdata passed into guest when CreateVM
Initdata string
Expand All @@ -644,7 +654,7 @@ index 853ad4d5b..c47029e1d 100644
}

// vcpu mapping from vcpu number to thread number
@@ -1048,8 +1052,8 @@ type guestProtection uint8
@@ -1027,8 +1031,8 @@ type guestProtection uint8
const (
noneProtection guestProtection = iota

Expand All @@ -656,7 +666,7 @@ index 853ad4d5b..c47029e1d 100644
tdxProtection

diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go
index 7a189bb91..509f74a3c 100644
index ba86c3d63..2c6311c06 100644
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@@ -681,7 +681,7 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi
Expand Down Expand Up @@ -1271,10 +1281,10 @@ index 24a67bdd9..3f5f84aff 100644
+ assert.Equal(expectedOut, devices)
}
diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
index 8df2b7cc5..07df77478 100644
index ac0d35e9c..ff7a46b4e 100644
--- a/src/runtime/virtcontainers/sandbox.go
+++ b/src/runtime/virtcontainers/sandbox.go
@@ -608,6 +608,7 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor
@@ -613,6 +613,7 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor

sandboxConfig.HypervisorConfig.VMStorePath = s.store.RunVMStoragePath()
sandboxConfig.HypervisorConfig.RunStorePath = s.store.RunStoragePath()
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From 3c05719560ccc658440af1d12542a9b2b1b68dea Mon Sep 17 00:00:00 2001
From cc68c48a9af8cbdd6ffd8a74d7960adc22150f08 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Wed, 24 Jul 2024 09:48:48 +0200
Subject: [PATCH] genpolicy: enable sysctl checks
Expand Down Expand Up @@ -44,7 +44,7 @@ index fe1625bac..e50d5e545 100644
},
"volumes": {
diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 361bd7e8b..6a3a04da6 100644
index 1d95bfe69..a89b13ed1 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -112,7 +112,6 @@ allow_create_container_input {

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From a91041e762342a76065e51c4076574aba7c63c42 Mon Sep 17 00:00:00 2001
From eed3e15bfd5468480e07b08dbf5266a75a61e076 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Wed, 24 Jul 2024 09:51:57 +0200
Subject: [PATCH] genpolicy: read bundle-id from rootfs
Expand All @@ -14,7 +14,7 @@ NOTE: fixes https://github.com/kata-containers/kata-containers/issues/10065
1 file changed, 8 insertions(+), 21 deletions(-)

diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 6a3a04da6..0cb0218cc 100644
index a89b13ed1..d9b68e3ac 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -509,9 +509,6 @@ allow_linux_sysctl(p_linux, i_linux) {
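Review bot: Check whether this carried patch is still needed on 3.10.1: its header (the NOTE line) says it fixes https://github.com/kata-containers/kata-containers/issues/10065, yet the bump only refreshes its From hash and the index lines for src/tools/genpolicy/rules.rego. If the new base already contains a fix for that issue, drop the patch instead of rebasing it; if it does not, note that in the PR description so the next version bump re-checks.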
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From dcbe8905e574525c4aa3afbb32e58fda0b49889b Mon Sep 17 00:00:00 2001
From 551b4a87596fe66741433424872deefbc251ee59 Mon Sep 17 00:00:00 2001
From: Paul Meyer <[email protected]>
Date: Thu, 11 Jul 2024 12:05:00 +0200
Subject: [PATCH] genpolicy: regex check contrast specific layer-src-prefix
Expand All @@ -9,7 +9,7 @@ Signed-off-by: Paul Meyer <[email protected]>
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 0cb0218cc..696439c4a 100644
index d9b68e3ac..6ddcd18cd 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -905,7 +905,7 @@ allow_storage_options(p_storage, i_storage, layer_ids, root_hashes) {
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From f970b8d4fe08d4a3e5d4dcefc3f71415c560c5d1 Mon Sep 17 00:00:00 2001
From 264156d366f357b71fb697f7f65f9ff84e90c2f8 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Wed, 24 Jul 2024 11:16:37 +0200
Subject: [PATCH] genpolicy-settings: bump OCI version
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From b2f09cebe1d383ef00fd84af79a45e4848ea4b69 Mon Sep 17 00:00:00 2001
From cfa3376d255617815b8ef10bdc6026bf38a99889 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Mon, 12 Aug 2024 14:18:43 +0200
Subject: [PATCH] genpolicy-settings: change cpath for Nydus guest pull
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From 36fd802eb33442c7a9a7897847b13a2a364d888b Mon Sep 17 00:00:00 2001
From f9e3e6924f326af2cbac10476f663a6bfb86685a Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Thu, 1 Aug 2024 15:58:42 +0200
Subject: [PATCH] genpolicy: allow image_guest_pull
Expand Down Expand Up @@ -39,7 +39,7 @@ index 4e9f6481d..e3b36a655 100644
"source": "local",
"fstype": "local",
diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 696439c4a..80ce58b7d 100644
index 6ddcd18cd..50219c038 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -80,7 +80,7 @@ CreateContainerRequest {
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From b7e3a9272cdce44e6087bcf35673365b3e576672 Mon Sep 17 00:00:00 2001
From 731cb67511c10e51b88d69227d952c4d1c0cb2c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]>
Date: Thu, 25 Apr 2024 10:34:26 +0200
Subject: [PATCH] runtime: agent: mounts: Mount configfs into the container
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From b378d2761d632f4fca8c5fca1e7e69ea2d19edb2 Mon Sep 17 00:00:00 2001
From 3b46844789f76480c030342d37577286a045041e Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Mon, 12 Aug 2024 13:45:43 +0200
Subject: [PATCH] genpolicy: bump oci-distribution to v0.12.0
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From 1870d6484813b4700dad2e5795924d050138a4a3 Mon Sep 17 00:00:00 2001
From d7b170e9bc52af5b595d21246e8cca56dfdb59b1 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Tue, 24 Sep 2024 16:05:31 +0200
Subject: [PATCH] genpolicy: support mount propagation and ro-mounts
Expand All @@ -9,7 +9,7 @@ Subject: [PATCH] genpolicy: support mount propagation and ro-mounts
2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 80ce58b7d..bee6dea70 100644
index 50219c038..9de56a429 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -105,7 +105,8 @@ allow_create_container_input {
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From 1ab3e3189814a6ddd64676749b4c3c94c210aba9 Mon Sep 17 00:00:00 2001
From 75333c341d1a5f34030f4be7c32f6db609f358db Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Fri, 4 Oct 2024 11:27:37 +0200
Subject: [PATCH] tools: don't clean build root when generating rootfs
Expand All @@ -8,10 +8,10 @@ Subject: [PATCH] tools: don't clean build root when generating rootfs
1 file changed, 6 deletions(-)

diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index 5fd77290d..3fcea41a2 100755
index 04a855a0c..f53b52460 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -398,12 +398,6 @@ build_rootfs_distro()
@@ -401,12 +401,6 @@ build_rootfs_distro()
trap error_handler ERR
fi
