!118 stratovirt: Append readonly option when get pflash cmdline
From: @kevinzhu1 Reviewed-by: @Vanient, @duguhaotian, @ooorz, @xinleguo Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot
Gitee
commit
58f1c0d04c
@ -2,7 +2,7 @@
|
||||
%global debug_package %{nil}
|
||||
|
||||
%define VERSION 2.1.0
|
||||
%define RELEASE 31
|
||||
%define RELEASE 32
|
||||
|
||||
Name: kata-containers
|
||||
Version: %{VERSION}
|
||||
@ -109,6 +109,12 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
|
||||
%doc
|
||||
|
||||
%changelog
|
||||
* Mon Mar 6 2023 zhukeqian <zhukeqian1@huawei.com> - 2.1.0-32
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:append readonly option when get pflash cmdline for stratovirt runtime
|
||||
|
||||
* Thu Mar 02 2023 Vanient<xiadanni1@huawei.com> - 2.1.0-31
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
@ -145,7 +151,7 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
|
||||
- SUG:NA
|
||||
- DESC:fix startup failure that adding more than 16 root port devices in stratovirt
|
||||
|
||||
* Tues Mar 2 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-25
|
||||
* Wed Mar 2 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-25
|
||||
- Type:feature
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
@ -163,13 +169,13 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
|
||||
- SUG:NA
|
||||
- DESC:add the stratovirt standardVM sandbox type to kata container
|
||||
|
||||
* Thur Jan 13 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-22
|
||||
* Thu Jan 13 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-22
|
||||
- Type:feature
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:refactor hypervisor type `stratovirt` and its methods
|
||||
|
||||
* Tues Jan 11 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-21
|
||||
* Tue Jan 11 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-21
|
||||
- Type:feature
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
@ -235,7 +241,7 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
|
||||
- SUG:NA
|
||||
- DESC:fix umount container rootfs dir return invalid argument error
|
||||
|
||||
* Fri Nov 24 2021 jikui <jikui2@huawei.com> - 2.1.0-10
|
||||
* Wed Nov 24 2021 jikui <jikui2@huawei.com> - 2.1.0-10
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
@ -247,19 +253,19 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
|
||||
- SUG:NA
|
||||
- DESC:modify kernel and image path in configuration.toml
|
||||
|
||||
* Tue Oct 16 2021 jikui <jikui2@huawei.com> - 2.1.0-8
|
||||
* Sat Oct 16 2021 jikui <jikui2@huawei.com> - 2.1.0-8
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:keep the qemu process name same as the configured path
|
||||
|
||||
* Mon Oct 15 2021 jikui <jikui2@huawei.com> - 2.1.0-7
|
||||
* Fri Oct 15 2021 jikui <jikui2@huawei.com> - 2.1.0-7
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:fix kata-runtime skip read lines in /proc/mounts
|
||||
|
||||
* Fri Oct 5 2021 jikui <jikui2@huawei.com> - 2.1.0-6
|
||||
* Tue Oct 5 2021 jikui <jikui2@huawei.com> - 2.1.0-6
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
|
||||
@ -0,0 +1,39 @@
|
||||
From 59cf9bfb95386f123190eff58d50e99ec1ec5ea7 Mon Sep 17 00:00:00 2001
|
||||
From: Keqian Zhu <zhukeqian1@huawei.com>
|
||||
Date: Tue, 20 Dec 2022 14:14:46 +0800
|
||||
Subject: [PATCH] stratovirt: Append readonly option when get pflash cmdline
|
||||
|
||||
All Stratovirt VM shares the same pflash file by default, and file can only be
|
||||
shared readonly for safety.
|
||||
|
||||
Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
|
||||
---
|
||||
src/runtime/virtcontainers/stratovirt.go | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/runtime/virtcontainers/stratovirt.go b/src/runtime/virtcontainers/stratovirt.go
|
||||
index 98a702a..7b01c76 100644
|
||||
--- a/src/runtime/virtcontainers/stratovirt.go
|
||||
+++ b/src/runtime/virtcontainers/stratovirt.go
|
||||
@@ -661,15 +661,15 @@ func (s *stratovirt) getKernelParams(machineType string, initrdPath string) (str
|
||||
func (s *stratovirt) getPFlash(machineType string) ([]string, error) {
|
||||
var PFlash []string
|
||||
if s.config.FirmwarePath != "" {
|
||||
- PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0", s.config.FirmwarePath))
|
||||
+ PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0,readonly=true", s.config.FirmwarePath))
|
||||
return PFlash, nil
|
||||
}
|
||||
|
||||
switch machineType {
|
||||
case MachineTypeQ35:
|
||||
- PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0", Q35PFlashCode))
|
||||
+ PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0,readonly=true", Q35PFlashCode))
|
||||
case MachineTypeVirt:
|
||||
- PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0", VirtPFlashCode))
|
||||
+ PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0,readonly=true", VirtPFlashCode))
|
||||
case MachineTypeMicrovm:
|
||||
return nil, nil
|
||||
default:
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -31,3 +31,4 @@
|
||||
0031-add-explicit-on-after-kernel_irqchip.patch
|
||||
0032-qmp-Don-t-use-deprecated-props-field-for-object-add.patch
|
||||
0033-optimize-compile-options.patch
|
||||
0034-stratovirt-Append-readonly-option-when-get-pflash-cm.patch
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user