diff --git a/cmd/gcs/main.go b/cmd/gcs/main.go index 25751763dd..132e6439b5 100644 --- a/cmd/gcs/main.go +++ b/cmd/gcs/main.go @@ -20,7 +20,8 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "go.opencensus.io/trace" - + + "github.com/Microsoft/hcsshim/global" "github.com/Microsoft/hcsshim/internal/guest/bridge" "github.com/Microsoft/hcsshim/internal/guest/kmsg" "github.com/Microsoft/hcsshim/internal/guest/runtime/hcsv2" @@ -195,6 +196,9 @@ func main() { disableTimeSync := flag.Bool("disable-time-sync", false, "If true do not run chronyd time synchronization service inside the UVM") + crun := flag.Bool("crun", + false, + "setting global runtime") scrubLogs := flag.Bool("scrub-logs", false, "If true, scrub potentially sensitive information from logging") initialPolicyStance := flag.String("initial-policy-stance", "allow", @@ -294,6 +298,11 @@ func main() { // Continuously log /dev/kmsg go kmsg.ReadForever(kmsg.LogLevel(*kmsgLogLevel)) + + if *crun { + global.SetGlobalRuntime("crun") + } + tport := &transport.VsockTransport{} rtime, err := runc.NewRuntime(baseLogPath) if err != nil { diff --git a/global/global.go b/global/global.go new file mode 100644 index 0000000000..091354aa1b --- /dev/null +++ b/global/global.go @@ -0,0 +1,14 @@ +// config/config.go +package global + +var global_runtime string + +// Setter function +func SetGlobalRuntime(value string) { + global_runtime = value +} + +// Getter function +func GetGlobalRuntime() string { + return global_runtime +} diff --git a/internal/guest/runtime/runc/utils.go b/internal/guest/runtime/runc/utils.go index 38535ccbab..6e94192e9f 100644 --- a/internal/guest/runtime/runc/utils.go +++ b/internal/guest/runtime/runc/utils.go @@ -15,6 +15,7 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" + "github.com/Microsoft/hcsshim/global" "github.com/Microsoft/hcsshim/internal/guest/runtime" ) 
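Review bot: The help string for the new `crun` flag in cmd/gcs/main.go, `"setting global runtime"`, does not say what enabling the flag does, unlike the `If true ...` descriptions on the neighbouring flags. I would write it as `"If true, invoke crun instead of runc as the low-level container runtime"`. main's body starts and ends outside this hunk.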
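Review bot: In the `if *crun` block of cmd/gcs/main.go nothing confirms that a crun binary exists in the guest before the choice is recorded, so a root filesystem without it would presumably fail only when the first container command runs. A startup check such as `if _, err := exec.LookPath("crun"); err != nil { logrus.WithError(err).Fatal("crun requested but not found") }` would surface the misconfiguration immediately; this assumes `os/exec` is imported in this file, which the hunk does not show. The line after the block still calls `runc.NewRuntime(baseLogPath)`, so a short comment there saying the runc package now drives either binary would help the next reader.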
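Review bot: The new package in global/global.go sits at the module root, so `github.com/Microsoft/hcsshim/global` becomes importable API for a value that only `cmd/gcs` and `internal/guest/runtime/runc` use in this commit, and its setter accepts any string while the only value acted on is the literal `"crun"`, repeated in main.go and in `runcCommand`. I would move it under `internal/guest`, export one constant for that value, rename `global_runtime` to MixedCaps, and replace the `// config/config.go` header (which names a different path) and the `// Setter function` / `// Getter function` comments with doc comments that start with the identifier. The variable is written without synchronisation, which looks safe only if it is set once before any reader goroutine starts, and the doc comment should say so. A sketch that keeps both function names follows.

```go
// Package global holds process-wide settings shared by the guest compute service.
package global

// RuntimeCrun is the value that selects crun; the empty default means runc.
const RuntimeCrun = "crun"

var runtimeName string

// SetGlobalRuntime records the low-level runtime to invoke. It must be called
// during startup, before any goroutine that calls GetGlobalRuntime is started.
func SetGlobalRuntime(value string) {
	runtimeName = value
}

// GetGlobalRuntime returns the value recorded by SetGlobalRuntime, or "" if unset.
func GetGlobalRuntime() string {
	return runtimeName
}
```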
@@ -171,5 +172,8 @@ func runcCommandLog(logPath string, args ...string) *exec.Cmd { } func runcCommand(args ...string) *exec.Cmd { + if global.GetGlobalRuntime() == "crun" { + return exec.Command("crun", args...) + } return exec.Command("runc", args...) } diff --git a/internal/oci/uvm.go b/internal/oci/uvm.go index 622466bc1a..7dd73e7a01 100644 --- a/internal/oci/uvm.go +++ b/internal/oci/uvm.go @@ -308,6 +308,7 @@ func SpecToUVMCreateOpts(ctx context.Context, s *specs.Spec, id, owner string) ( handleAnnotationBootFilesPath(ctx, s.Annotations, lopts) lopts.EnableScratchEncryption = ParseAnnotationsBool(ctx, s.Annotations, annotations.EncryptedScratchDisk, lopts.EnableScratchEncryption) lopts.SecurityPolicy = ParseAnnotationsString(s.Annotations, annotations.SecurityPolicy, lopts.SecurityPolicy) + lopts.Runtime = ParseAnnotationsString(s.Annotations, annotations.Runtime, lopts.Runtime) lopts.SecurityPolicyEnforcer = ParseAnnotationsString(s.Annotations, annotations.SecurityPolicyEnforcer, lopts.SecurityPolicyEnforcer) lopts.UVMReferenceInfoFile = ParseAnnotationsString(s.Annotations, annotations.UVMReferenceInfoFile, lopts.UVMReferenceInfoFile) lopts.KernelBootOptions = ParseAnnotationsString(s.Annotations, annotations.KernelBootOptions, lopts.KernelBootOptions) diff --git a/internal/uvm/create_lcow.go b/internal/uvm/create_lcow.go index d100e99d79..a9efae4bec 100644 --- a/internal/uvm/create_lcow.go +++ b/internal/uvm/create_lcow.go @@ -133,6 +133,7 @@ type OptionsLCOW struct { HclEnabled *bool // Whether to enable the host compatibility layer ExtraVSockPorts []uint32 // Extra vsock ports to allow AssignedDevices []VPCIDeviceID // AssignedDevices are devices to add on pod boot + Runtime string // runtime } // defaultLCOWOSBootFilesPath returns the default path used to locate the LCOW 
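Review bot: `runcCommand` in internal/guest/runtime/runc/utils.go now picks the binary on every call from process-wide state, and both `exec.Command("crun", args...)` and the existing runc call pass a bare name that is resolved through PATH. If the guest image installs these binaries at a fixed location, resolving the path once (for example in `NewRuntime`) and reusing the absolute path removes the dependence on the process environment. The callers in this package that read the runtime's log and state output are outside the hunk, so whether crun's output is handled the same way cannot be confirmed from here. A test that runs with the crun setting would cover that.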
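Review bot: In `SpecToUVMCreateOpts` (internal/oci/uvm.go) the new `lopts.Runtime` line stores whatever string the spec annotation carries, and the only consumer in this commit, `makeLCOWDoc`, acts on exactly `"runhcs-lcow-crun"` and ignores every other value without a log entry. A misspelled annotation therefore starts the UVM with the default runtime and nobody is told. Rejecting, or at least logging, an unrecognised non-empty value at this point, where `ctx` is available, would make the runtime selection auditable. The function's body continues outside the hunk.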
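Review bot: The comment on the new `Runtime` field of `OptionsLCOW` in internal/uvm/create_lcow.go, `// runtime`, only repeats the field name, while the neighbouring fields explain their effect. Based on the `makeLCOWDoc` hunk in the same file I would write `Runtime string // Low-level guest runtime selector; "runhcs-lcow-crun" appends -crun to ExecCommandLine, any other value leaves it unchanged`. The struct definition starts outside this hunk.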
@@ -182,6 +183,7 @@ func NewDefaultOptionsLCOW(id, owner string) *OptionsLCOW { SecurityPolicyEnabled: false, UVMReferenceInfoFile: UVMReferenceInfoFile, }, + Runtime: "", } opts.UpdateBootFilesPath(context.TODO(), defaultLCOWOSBootFilesPath()) @@ -835,6 +837,10 @@ func makeLCOWDoc(ctx context.Context, opts *OptionsLCOW, uvm *UtilityVM) (_ *hcs kernelArgs += " " + opts.KernelBootOptions } + if opts.Runtime == "runhcs-lcow-crun" { + opts.ExecCommandLine = fmt.Sprintf("%s -crun", opts.ExecCommandLine) + } + if !opts.VPCIEnabled { kernelArgs += ` pci=off` } diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go index 62eac7e80d..bfa585b4ba 100644 --- a/pkg/annotations/annotations.go +++ b/pkg/annotations/annotations.go @@ -181,6 +181,9 @@ const ( // VPMemNoMultiMapping indicates that we should disable LCOW vpmem layer multi mapping. VPMemNoMultiMapping = "io.microsoft.virtualmachine.lcow.vpmem.nomultimapping" + // runtime is used to specify low-level runtime option. + Runtime = "runtime" + // KernelBootOptions is used to specify kernel options used while booting a linux kernel. KernelBootOptions = "io.microsoft.virtualmachine.lcow.kernelbootoptions"
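Review bot: The `opts.Runtime` check in `makeLCOWDoc` (internal/uvm/create_lcow.go) writes the `-crun` suffix back into `opts.ExecCommandLine`, so the function modifies its caller's options and a second call with the same `*OptionsLCOW` would append the flag again. Building the final command line in a local variable, as the surrounding code does with `kernelArgs`, or applying the suffix once where the options are constructed, avoids that. How `ExecCommandLine` is consumed later in the function is outside the hunk. The literal `"runhcs-lcow-crun"` would also be better as a named constant next to the annotation key, so the accepted value is documented in one place.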
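Review bot: The new key in pkg/annotations/annotations.go is the bare string `"runtime"`, while the neighbouring keys in this block are namespaced under `io.microsoft.virtualmachine.lcow.`. An unprefixed key can easily collide with annotations set by other tooling, and here a collision could change which runtime the guest is told to use. I would put it under the same prefix as its neighbours and start the comment with the identifier, e.g. `// Runtime selects the low-level container runtime for the LCOW guest; the recognised value is "runhcs-lcow-crun".` The const block starts and ends outside the hunk.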