Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kernel: Add CONFIG_TMPFS_XATTR to tdx.conf #10790

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

kernel: Add CONFIG_TMPFS_XATTR to tdx.conf #10790

wants to merge 1 commit into from
+5 −1

Conversation

JakubLedworowski
Copy link
Contributor

@JakubLedworowski JakubLedworowski commented Jan 24, 2025
edited
Loading

During pull inside the guest, overlayfs expects xattrs.

Fixes: guest-components#876

Kudos for @mythi and @Xynnn007 for suggesting the fix.

@katacontainersbot katacontainersbot added the size/tiny Smallest and simplest task label Jan 24, 2025
@JakubLedworowski JakubLedworowski mentioned this pull request Jan 24, 2025
Open
@JakubLedworowski
Copy link
Contributor Author

I will need support in defining the proper place for this setting as I've just naively set it for tdx.conf while I understand that it should be generic for confidential VMs.

@mythi
Copy link
Contributor

mythi commented Jan 24, 2025

common/confidential_containers?

fidencio
fidencio reviewed Jan 24, 2025
View reviewed changes
tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf Outdated
@@ -10,3 +10,4 @@ CONFIG_VIRT_DRIVERS=y
CONFIG_X86_5LEVEL=y
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
CONFIG_X86_PLATFORM_DEVICES=y
CONFIG_TMPFS_XATTR=y
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JakubLedworowski, please, create a new file under https://github.com/kata-containers/kata-containers/tree/main/tools/packaging/kernel/configs/fragments/common/confidential_containers and add this there.

@JakubLedworowski
kernel: Add CONFIG_TMPFS_XATTR to confidential kernel
203785f 
During pull inside the guest, overlayfs expects xattrs.

Fixes: [guest-components#876](confidential-containers/guest-components#876)

Signed-off-by: Jakub Ledworowski <[email protected]>
@JakubLedworowski JakubLedworowski force-pushed the add-xattr-to-confidential-kernel branch from 252bc4f to 203785f Compare January 24, 2025 15:07
fidencio
fidencio reviewed Jan 24, 2025
View reviewed changes
tools/packaging/kernel/build-kernel.sh
@@ -293,6 +293,9 @@ get_kernel_frag_path() {
info "Enabling config for '${conf_guest}' confidential guest protection"
local conf_configs="$(ls ${arch_path}/${conf_guest}/*.conf)"
all_configs="${all_configs} ${conf_configs}"

local tmpfs_configs="$(ls ${common_path}/confidential_containers/tmpfs.conf)"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Identation is off here.

zvonkok
zvonkok reviewed Jan 24, 2025
View reviewed changes
tools/packaging/kernel/configs/fragments/common/confidential_containers/tmpfs.conf
@@ -0,0 +1 @@
CONFIG_TMPFS_XATTR=y
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No EOL here,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zvonkok zvonkok zvonkok left review comments

@fidencio fidencio fidencio left review comments

@ksandowi ksandowi ksandowi approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
ok-to-test size/tiny Smallest and simplest task
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Whiteout files present after image unpacking
6 participants
@JakubLedworowski @mythi @fidencio @zvonkok @ksandowi @katacontainersbot