Change the way we pass information to urunit in Linux guests #308
Merged
urunc-bot[bot] merged 5 commits into main on Oct 26, 2025
ananos approved these changes Oct 26, 2025

There are cases where containers use non-POSIX environment variables or cases where the environment variables can exceed the limit of characters in Linux kernel boot parameters. Therefore, the environment variables were not set correctly.

To fix the above issue, we change the way we pass the environment variables to the guest in Linux with the help of urunit. In particular, instead of using the Linux kernel boot parameters, we store the environment variables in a file and let urunit read that file and set the environment variables for the application inside the Linux VM.

In order to minimize the dependencies of the guest kernel and provide a cross-monitor solution, we pass the urunit configuration file as an initrd for the guest and instruct Linux kernel to keep it with the retain_initrd kernel boot parameter. In that way, urunit simply reads the contents of /sys/firmware/initrd and is able to get the configuration file.

If the guest is configured to use an initrd then we format the urunit configuration file in the cpio format and concatenate the user provided initrd with the one we created for the urunit configuration file. The Linux kernel is able to properly extract concatenated initrds and therefore the configuration file will appear in the rootfs of the VM.

PR: #308
Signed-off-by: Charalampos Mainas <cmainas@nubificus.co.uk>
Reviewed-by: Anastassios Nanos <ananos@nubificus.co.uk>
Approved-by: Anastassios Nanos <ananos@nubificus.co.uk>

The guest can append further cli args for the monitor, since the VMM interface calls the MonitorCli function. However, this function was not compatible with Firecracker, which uses a json configuration file to define the VM arguments. This commit partially fixes this by updating the return value of MonitorCli, in order to use a new struct.

The current implementation was also necessary for Linux to define the extra initrd file with the urunit configuration. Therefore, for the time being the MonitrCliArgs consists of only two fields, one for initrd and one for other cli args. However, in the future we can iterate over it and update it.

PR: #308
Signed-off-by: Charalampos Mainas <cmainas@nubificus.co.uk>
Reviewed-by: Anastassios Nanos <ananos@nubificus.co.uk>
Approved-by: Anastassios Nanos <ananos@nubificus.co.uk>

Update the urunit configuration file to enable passing extra information for the execution environment of the application inside the Linux VM. In particular, this commit passes the following information to urunit:

- uid of the Linux process inside the VM
- gid of the Linux process inside the VM
- working directory of the Linux process inside the VM

The format that is used is the following:

    UES
    /* env vars */
    UEE
    UCS
    UID:<uid>
    GID:<gid>
    WD:<working_directory>
    UCE

PR: #308
Signed-off-by: Charalampos Mainas <cmainas@nubificus.co.uk>
Reviewed-by: Anastassios Nanos <ananos@nubificus.co.uk>
Approved-by: Anastassios Nanos <ananos@nubificus.co.uk>

Update the tutorial for running existing containers over Linux in urunc in order to include the new changes on passing information to the guest from the host.

PR: #308
Signed-off-by: Charalampos Mainas <cmainas@nubificus.co.uk>
Reviewed-by: Anastassios Nanos <ananos@nubificus.co.uk>
Approved-by: Anastassios Nanos <ananos@nubificus.co.uk>

Update the previous tests in Linux for environment variables to also check the correct setting of uid, gid and working directory apart from the environment variables.

PR: #308
Signed-off-by: Charalampos Mainas <cmainas@nubificus.co.uk>
Reviewed-by: Anastassios Nanos <ananos@nubificus.co.uk>
Approved-by: Anastassios Nanos <ananos@nubificus.co.uk>
Currently we are using the Linux kernel boot parameters to pass environment variables for the application execution in Linux VMs. Furthermore, urunit was responsible to properly handle the application arguments. However, this approach has the following limitations:

For all the above reasons, we change the way we pass information to urunit by using "urunit configuration file" instead of kernel boot parameters. In particular, if we set the URUNIT_CONFIG environment variable to point to a file, then urunit will try to parse this file and expects to read the following configuration format:

Parsing a configuration like this, urunit will set the environment variables for the application execution, the uid, gid and at last switch to the working directory for the application.

In order to minimize the dependencies for the Linux kernel running as guest, we choose to pass this file as an initrd and set the retain_initrd kernel boot parameter. In that way, urunit can mount sysfs at /sys and read the configuration file from /sys/firmware/initrd where the Linux kernel will store the initrd. In case the guest is configured to boot with an initrd, then urunc will archive the configuration file using the cpio format and concatenate it with the user specified initrd. The Linux kernel is smart enough to properly unpack concatenated initrd and hence the urunit configuration file will appear in the guest rootfs. Therefore, with that method, there are only the following requirements for the guest kernel:

- CONFIG_BLK_DEV_INITRD
- CONFIG_SYSFS

Of course, urunc fills the above configuration, based on the container's configuration and specifically, the Process struct of the spec.
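
A strict reader for the UES/UEE/UCS/UCE layout given in the commit message above, as an added example that is not urunc or urunit code. It assumes every marker and entry sits on its own line; `Config`, `Parse` and `sample` are hypothetical names, and the sample input is constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Config is a hypothetical type for the values the PR says urunit receives.
type Config struct {
	Env      []string
	UID, GID uint64
	WD       string
}

const sample = "UES\nPATH=/usr/bin:/bin\nmy.app-name=demo\nUEE\nUCS\nUID:1000\nGID:1000\nWD:/srv/app\nUCE\n" // constructed

// Parse reads the layout (assumed: one item per line) and fails closed on
// stray lines, non-numeric ids and sections that are never terminated.
func Parse(s string) (c Config, err error) {
	sec := ""
	for _, l := range strings.Split(strings.TrimSuffix(s, "\n"), "\n") {
		k, v, _ := strings.Cut(l, ":")
		switch {
		case sec == "" && (l == "UES" || l == "UCS"):
			sec = l // section opens
		case sec == "UES" && l == "UEE", sec == "UCS" && l == "UCE":
			sec = "" // section closes
		case sec == "UES" && strings.Contains(l, "="):
			c.Env = append(c.Env, l) // name is not restricted to POSIX characters
		case sec == "UCS" && k == "UID":
			c.UID, err = strconv.ParseUint(v, 10, 32)
		case sec == "UCS" && k == "GID":
			c.GID, err = strconv.ParseUint(v, 10, 32)
		case sec == "UCS" && k == "WD":
			c.WD = v
		default:
			err = fmt.Errorf("unexpected line %q", l)
		}
		if err != nil {
			return c, err
		}
	}
	if sec != "" {
		err = fmt.Errorf("section %s is not closed", sec)
	}
	return c, err
}

func main() { fmt.Println(Parse(sample)) }
```

Under the one-item-per-line assumption an environment value containing a newline cannot be represented, so the side that writes the file has to reject or encode such values before they reach the guest.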