packages/kata-containers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!118 stratovirt: Append readonly option when get pflash cmdline

Browse Source 
From: @kevinzhu1 
Reviewed-by: @Vanient, @duguhaotian, @ooorz, @xinleguo 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2023-03-06 12:56:43 +00:00 committed by Gitee
commit 58f1c0d04c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 54 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
kata-containers.spec
View File

@ -2,7 +2,7 @@
%global debug_package %{nil} %global debug_package %{nil}
%define VERSION 2.1.0 %define VERSION 2.1.0
%define RELEASE 31 %define RELEASE 32
Name: kata-containers Name: kata-containers
Version: %{VERSION} Version: %{VERSION}
@ -109,6 +109,12 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
%doc %doc
%changelog %changelog
* Mon Mar 6 2023 zhukeqian <zhukeqian1@huawei.com> - 2.1.0-32
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:append readonly option when get pflash cmdline for stratovirt runtime
* Thu Mar 02 2023 Vanient<xiadanni1@huawei.com> - 2.1.0-31 * Thu Mar 02 2023 Vanient<xiadanni1@huawei.com> - 2.1.0-31
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA
@ -145,7 +151,7 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
- SUG:NA - SUG:NA
- DESC:fix startup failure that adding more than 16 root port devices in stratovirt - DESC:fix startup failure that adding more than 16 root port devices in stratovirt
* Tues Mar 2 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-25 * Wed Mar 2 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-25
- Type:feature - Type:feature
- ID:NA - ID:NA
- SUG:NA - SUG:NA
@ -163,13 +169,13 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
- SUG:NA - SUG:NA
- DESC:add the stratovirt standardVM sandbox type to kata container - DESC:add the stratovirt standardVM sandbox type to kata container
* Thur Jan 13 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-22 * Thu Jan 13 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-22
- Type:feature - Type:feature
- ID:NA - ID:NA
- SUG:NA - SUG:NA
- DESC:refactor hypervisor type `stratovirt` and its methods - DESC:refactor hypervisor type `stratovirt` and its methods
* Tues Jan 11 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-21 * Tue Jan 11 2022 Xinle.Guo <guoxinle1@huawei.com> - 2.1.0-21
- Type:feature - Type:feature
- ID:NA - ID:NA
- SUG:NA - SUG:NA
@ -235,7 +241,7 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
- SUG:NA - SUG:NA
- DESC:fix umount container rootfs dir return invalid argument error - DESC:fix umount container rootfs dir return invalid argument error
* Fri Nov 24 2021 jikui <jikui2@huawei.com> - 2.1.0-10 * Wed Nov 24 2021 jikui <jikui2@huawei.com> - 2.1.0-10
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA
- SUG:NA - SUG:NA
@ -247,19 +253,19 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2
- SUG:NA - SUG:NA
- DESC:modify kernel and image path in configuration.toml - DESC:modify kernel and image path in configuration.toml
* Tue Oct 16 2021 jikui <jikui2@huawei.com> - 2.1.0-8 * Sat Oct 16 2021 jikui <jikui2@huawei.com> - 2.1.0-8
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA
- SUG:NA - SUG:NA
- DESC:keep the qemu process name same as the configured path - DESC:keep the qemu process name same as the configured path
* Mon Oct 15 2021 jikui <jikui2@huawei.com> - 2.1.0-7 * Fri Oct 15 2021 jikui <jikui2@huawei.com> - 2.1.0-7
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA
- SUG:NA - SUG:NA
- DESC:fix kata-runtime skip read lines in /proc/mounts - DESC:fix kata-runtime skip read lines in /proc/mounts
* Fri Oct 5 2021 jikui <jikui2@huawei.com> - 2.1.0-6 * Tue Oct 5 2021 jikui <jikui2@huawei.com> - 2.1.0-6
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA
- SUG:NA - SUG:NA

39
patches/0034-stratovirt-Append-readonly-option-when-get-pflash-cm.patch Normal file
View File

@ -0,0 +1,39 @@
From 59cf9bfb95386f123190eff58d50e99ec1ec5ea7 Mon Sep 17 00:00:00 2001
From: Keqian Zhu <zhukeqian1@huawei.com>
Date: Tue, 20 Dec 2022 14:14:46 +0800
Subject: [PATCH] stratovirt: Append readonly option when get pflash cmdline
All Stratovirt VM shares the same pflash file by default, and file can only be
shared readonly for safety.
Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
---
src/runtime/virtcontainers/stratovirt.go | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/runtime/virtcontainers/stratovirt.go b/src/runtime/virtcontainers/stratovirt.go
index 98a702a..7b01c76 100644
--- a/src/runtime/virtcontainers/stratovirt.go
+++ b/src/runtime/virtcontainers/stratovirt.go
@@ -661,15 +661,15 @@ func (s *stratovirt) getKernelParams(machineType string, initrdPath string) (str
func (s *stratovirt) getPFlash(machineType string) ([]string, error) {
var PFlash []string
if s.config.FirmwarePath != "" {
- PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0", s.config.FirmwarePath))
+ PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0,readonly=true", s.config.FirmwarePath))
return PFlash, nil
}
switch machineType {
case MachineTypeQ35:
- PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0", Q35PFlashCode))
+ PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0,readonly=true", Q35PFlashCode))
case MachineTypeVirt:
- PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0", VirtPFlashCode))
+ PFlash = append(PFlash, fmt.Sprintf("file=%s,if=pflash,unit=0,readonly=true", VirtPFlashCode))
case MachineTypeMicrovm:
return nil, nil
default:
--
2.33.0

1
series.conf
View File

@ -31,3 +31,4 @@
0031-add-explicit-on-after-kernel_irqchip.patch 0031-add-explicit-on-after-kernel_irqchip.patch
0032-qmp-Don-t-use-deprecated-props-field-for-object-add.patch 0032-qmp-Don-t-use-deprecated-props-field-for-object-add.patch
0033-optimize-compile-options.patch 0033-optimize-compile-options.patch
0034-stratovirt-Append-readonly-option-when-get-pflash-cm.patch