MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-07-19 12:50:22 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,498 Commits 38 Branches 0 Tags 9.2 MiB
HTML 30.6%
BitBake 26.6%
C++ 17.6%
PHP 8.7%
Python 6.6%
Other 9.9%
e96da98e40
Go to file
Bruce Ashfield e96da98e40 rootlesskit: introduce linux-native fakeroo using user namespaces 
see: https://github.com/rootless-containers/rootlesskit

---------
RootlessKit: Linux-native fakeroot using user namespaces

RootlessKit is a Linux-native implementation of 'fake root' using user_namespaces(7).
The purpose of RootlessKit is to run Docker and Kubernetes as an unprivileged user
(known as 'Rootless mode'), so as to protect the real root on the host from potential
container-breakout attacks.
---------

This is a building block for cross installation of containers and
rootless on-target execution.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-06-04 17:44:50 +00:00
classes classes: add depreciated warning bbclass 2024-03-15 17:17:19 +00:00
conf conf: update xen preferred version 2024-05-31 13:58:22 +00:00
docs podman: Add support for rootless mode 2022-07-15 17:11:58 -04:00
dynamic-layers xen-boot-cmd.inc: Fix initrd boot issue with 6.6 kernel 2024-02-22 17:15:22 +00:00
files fs-perms-nagios.txt: add perms conf file 2018-09-06 12:45:17 -04:00
lib/oeqa/runtime/cases xtf: add testimage integration to run XTF test cases in OEQA 2021-09-02 16:36:23 -04:00
recipes-containers podman: Use slirp4netns instead of pasta 2024-05-31 16:20:17 +00:00
recipes-core runv: drop recipe 2024-05-29 16:03:19 +00:00
recipes-demo helloworkd-flask: convert WORKDIR references to UNPACKDIR 2024-05-29 13:16:56 +00:00
recipes-devtools yq: adapt SRC_URI to include destsuffix=${GO_SRCURI_DESTSUFFIX} 2024-05-29 13:16:56 +00:00
recipes-extended rootlesskit: introduce linux-native fakeroo using user namespaces 2024-06-04 17:44:50 +00:00
recipes-graphics/xorg-xserver global: overrides syntax conversion 2021-08-02 17:17:53 -04:00
recipes-kernel kernel: fix fragment path 2024-05-29 13:16:56 +00:00
recipes-networking networking: introduce passt / pasta 2024-06-04 13:03:44 +00:00
scripts scripts: adjust to syhead go source location 2024-06-04 17:40:35 +00:00
wic xen: use bzImage for boot (instead of vmlinux) 2024-03-21 23:15:13 +00:00
.gitignore buildah: add seccomp and ipv6 to REQUIRED_DISTRO_FEATURES 2023-04-12 13:10:11 -04:00
COPYING.MIT Initial meta-xen layer documentation. 2012-06-21 15:51:11 -06:00
MAINTAINERS MAINTAINERS: add xtf and the raspberry pi dynamic layer for Xen 2021-12-16 21:45:00 -05:00
meta-virt-roadmap.txt docs: roadmap: add missing workflow items 2019-10-28 11:56:10 -04:00
README.md docs/README: drop meta-oe priority recommendation 2024-04-04 19:57:46 +00:00
SECURITY.md docs: add SECURITY.md and rename README.md 2023-11-06 16:21:12 +00:00

README.md

meta-virtualization

This layer provides support for building Xen, KVM, Libvirt, and associated packages necessary for constructing OE-based virtualized solutions.

The bbappend files for some recipes (e.g. linux-yocto) in this layer need to have 'virtualization' in DISTRO_FEATURES to have effect. To enable them, add in configuration file the following line.

DISTRO_FEATURES:append = " virtualization"

If meta-virtualization is included, but virtualization is not enabled as a distro feature a warning is printed at parse time:

You have included the meta-virtualization layer, but
'virtualization' has not been enabled in your DISTRO_FEATURES. Some bbappend files
may not take effect. See the meta-virtualization README for details on enabling
virtualization support.

If you know what you are doing, this warning can be disabled by setting the following variable in your configuration:

SKIP_META_VIRT_SANITY_CHECK = 1

Depending on your use case, there are other distro features in meta-virtualization that may also be enabled:

  • xen: enables xen functionality in various packages (kernel, libvirt, etc)
  • kvm: enables KVM configurations in the kernel and autoloads modules
  • k8s: enables kubernets configurations in the kernel, tools and configuration
  • aufs: enables aufs support in docker and linux-yocto
  • x11: enable xen and libvirt functionality related to x11
  • selinux: enables functionality in libvirt and lxc
  • systemd: enable systemd services and unit files (for recipes for support)
  • sysvinit: enable sysvinit scripts (for recipes with support)
  • seccomp: enable seccomp support for packages that have the capability.

Dependencies

This layer depends on:

URI: git://github.com/openembedded/openembedded-core.git branch: master revision: HEAD prio: default

URI: git://github.com/openembedded/meta-openembedded.git branch: master revision: HEAD layers: meta-oe meta-networking meta-filesystems meta-python

Required for Xen XSM policy: URI: git://git.yoctoproject.org/meta-selinux branch: master revision: HEAD prio: default

Required for Ceph: URI: git://git.yoctoproject.org/meta-cloud-services branch: master revision: HEAD prio: default

Required for cri-o: URI: git://git.yoctoproject.org/meta-selinux branch: master revision: HEAD prio: default

Community / Colaboration

Repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/ Mailing list: https://lists.yoctoproject.org/g/meta-virtualization IRC: libera.chat #meta-virt channel

Maintenance

Send pull requests, patches, comments or questions to meta-virtualization@lists.yoctoproject.org

Maintainer: Bruce Ashfield bruce.ashfield@gmail.com see MAINTAINERS for more specific information

When sending single patches, please using something like: $ git send-email -1 -M --to meta-virtualization@lists.yoctoproject.org --subject-prefix='meta-virtualization][PATCH'

License

All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.